GCVE - cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:1.11:rc1:*:*:*:*:*:*

part: a version: 1.11 update: rc1

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Mediawiki (`ab97168e-95e7-5d6e-a2ac-f8d27117dc4d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.599527
`pkg:wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.599529

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-0537`	vulnerable	2026-06-03 14:30:49.658752	Details available Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function. Published: 2011-02-04T00:00:00.000Z Updated: 2024-08-06T21:58:25.094Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2011/0273 http://osvdb.org/70799 https://bugzilla.wikimedia.org/show_bug.cgi?id=27094 http://www.openwall.com/lists/oss-security/2011/02/03/3 http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0047`	vulnerable	2026-06-03 14:30:46.417210	Details available Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability." Published: 2011-02-04T00:00:00.000Z Updated: 2024-08-06T21:43:14.184Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2011/0273 https://exchange.xforce.ibmcloud.com/vulnerabilities/65126 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html http://osvdb.org/70770 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0003`	vulnerable	2026-06-03 14:30:45.835320	Details available MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. Published: 2011-01-11T01:00:00.000Z Updated: 2024-08-06T21:36:02.223Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2011/01/04/12 http://www.vupen.com/english/advisories/2011/0017 https://bugzilla.wikimedia.org/show_bug.cgi?id=26561 http://www.osvdb.org/70272 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2788`	vulnerable	2026-06-03 14:30:27.598959	Details available Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter. Published: 2011-04-27T00:00:00.000Z Updated: 2024-08-07T02:46:48.051Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=620225 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html https://bugzilla.redhat.com/show_bug.cgi?id=620226 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html http://openwall.com/lists/oss-security/2010/07/29/4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2787`	vulnerable	2026-06-03 14:30:27.565265	Details available api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim. Published: 2011-04-27T00:00:00.000Z Updated: 2024-08-07T02:46:48.599Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html https://bugzilla.redhat.com/show_bug.cgi?id=620226 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html http://openwall.com/lists/oss-security/2010/07/29/4 http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1190`	vulnerable	2026-06-03 14:30:13.165981	Details available thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations. Published: 2010-03-31T17:35:00.000Z Updated: 2024-08-07T01:14:06.640Z Open on db.gcve.eu Reference links http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_2/phase3/RELEASE-NOTES http://secunia.com/advisories/39656 http://www.debian.org/security/2010/dsa-2022 http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1189`	vulnerable	2026-06-03 14:30:13.163537	Details available MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue." Published: 2010-03-31T17:35:00.000Z Updated: 2024-08-07T01:14:06.657Z Open on db.gcve.eu Reference links http://secunia.com/advisories/39656 http://www.debian.org/security/2010/dsa-2022 http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://www.vupen.com/english/advisories/2010/0685	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5688`	vulnerable	2026-06-03 14:29:10.576658	Details available MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception. Published: 2008-12-19T17:00:00.000Z Updated: 2024-08-07T11:04:44.557Z Open on db.gcve.eu Reference links https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html http://www.mediawiki.org/wiki/Manual:%24wgShowExceptionDetails https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html http://secunia.com/advisories/33349	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5687`	vulnerable	2026-06-03 14:29:10.561093	Details available MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/. Published: 2008-12-19T17:00:00.000Z Updated: 2024-08-07T11:04:44.334Z Open on db.gcve.eu Reference links https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html https://exchange.xforce.ibmcloud.com/vulnerabilities/47678 http://secunia.com/advisories/33349	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.