Skip to main content
CVE-2015-2807 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Navis Documentcloud
NVD
CVSS 2.0
4.3
EPSS
6.9%
CVE-2015-6520 HIGH This Week

IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ippusbxd
NVD GitHub
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-6728 HIGH This Week

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Mediawiki
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-6736 MEDIUM This Month

The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Quiz
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2015-6735 MEDIUM This Month

The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Timedmediahandler
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2015-6733 MEDIUM This Month

GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mediawiki
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2013-7444 MEDIUM This Month

The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-6727 MEDIUM This Month

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-6732 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Semanticforms
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6731 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Semanticforms
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-6737 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Widgets
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-6734 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6730 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6729 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy