GCVE - cpe:2.3:a:mediawiki:mediawiki:1.4

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:1.4_beta5:*:*:*:*:*:*:*

part: a version: 1.4_beta5 update: *

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Mediawiki (`ab97168e-95e7-5d6e-a2ac-f8d27117dc4d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.685603
`pkg:wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.685605

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-0894`	vulnerable	2026-06-03 14:27:58.322846	Details available MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. Published: 2007-02-12T23:00:00.000Z Updated: 2024-08-07T12:34:21.192Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/459793/100/0/threaded http://osvdb.org/33708 http://zone14.free.fr/advisories/7/ http://bugzilla.wikimedia.org/show_bug.cgi?id=8819 http://osvdb.org/33706	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-0322`	vulnerable	2026-06-03 14:27:20.464814	Details available Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." Published: 2006-01-19T21:00:00.000Z Updated: 2024-08-07T16:34:13.580Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/0392 http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://sourceforge.net/project/shownotes.php?release_id=386609 http://secunia.com/advisories/18717 https://exchange.xforce.ibmcloud.com/vulnerabilities/24478	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4501`	vulnerable	2026-06-03 14:27:13.346091	Details available MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. Published: 2005-12-22T21:00:00.000Z Updated: 2024-08-07T23:46:05.539Z Open on db.gcve.eu Reference links http://www.mediawiki.org/wiki/Download http://www.vupen.com/english/advisories/2005/3059 http://secunia.com/advisories/18219 https://exchange.xforce.ibmcloud.com/vulnerabilities/23882 http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-3167`	vulnerable	2026-06-03 14:27:08.931201	Details available Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Published: 2005-10-06T04:00:00.000Z Updated: 2024-08-07T23:01:58.969Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/15024 http://sourceforge.net/project/shownotes.php?release_id=361505 http://secunia.com/advisories/17074 http://www.novell.com/linux/security/advisories/2005_27_sr.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-3166`	vulnerable	2026-06-03 14:27:08.928601	Details available Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. Published: 2005-10-06T04:00:00.000Z Updated: 2024-08-07T23:01:59.158Z Open on db.gcve.eu Reference links http://www.novell.com/linux/security/advisories/2005_22_sr.html http://www.osvdb.org/19956 http://sourceforge.net/project/shownotes.php?release_id=358163	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-3165`	vulnerable	2026-06-03 14:27:08.917698	Details available Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. Published: 2005-10-06T04:00:00.000Z Updated: 2024-09-17T01:31:24.015Z Open on db.gcve.eu Reference links http://sourceforge.net/project/shownotes.php?release_id=352777 http://secunia.com/advisories/16932 http://lwn.net/Articles/153906/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-2396`	vulnerable	2026-06-03 14:27:01.978603	Details available Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template. Published: 2005-07-27T04:00:00.000Z Updated: 2024-08-07T22:22:49.146Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/21491 http://www.osvdb.org/17763 http://secunia.com/advisories/15950 http://www.securityfocus.com/bid/14327 http://security.gentoo.org/glsa/glsa-200507-18.xml	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-1888`	vulnerable	2026-06-03 14:27:00.496934	Details available Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. Published: 2005-06-08T04:00:00.000Z Updated: 2024-08-07T22:06:57.720Z Open on db.gcve.eu Reference links http://www.novell.com/linux/security/advisories/2005_19_sr.html http://sourceforge.net/project/shownotes.php?release_id=332231 http://www.securityfocus.com/bid/13861	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-1245`	vulnerable	2026-06-03 14:26:58.521187	Details available Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Published: 2005-04-24T04:00:00.000Z Updated: 2024-08-07T21:44:05.450Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/20210 http://www.osvdb.org/15719 http://secunia.com/advisories/14993 http://www.securityfocus.com/bid/13301 http://sourceforge.net/project/shownotes.php?release_id=322146	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-0536`	vulnerable	2026-06-03 14:26:50.813055	Details available Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion. Published: 2005-02-24T05:00:00.000Z Updated: 2024-08-07T21:13:54.172Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1013260 http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml http://sourceforge.net/project/shownotes.php?release_id=307067 http://secunia.com/advisories/14360	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-0534`	vulnerable	2026-06-03 14:26:50.810225	Details available Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script. Published: 2005-02-24T05:00:00.000Z Updated: 2024-08-07T21:13:54.286Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1013260 http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml http://sourceforge.net/project/shownotes.php?release_id=307067 http://secunia.com/advisories/14360	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Mediawiki

PURL mappings

Vulnerability references

Contribute