MediaWiki 1.16.3

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:1.16.3:*:*:*:*:*:*:*

part: a version: 1.16.3 update: *

VendorMediawiki (cdb1ca1d-4622-5407-a7d8-3e891579b8c5)
ProductMediawiki (ab97168e-95e7-5d6e-a2ac-f8d27117dc4d)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/wikimedia/mediawiki purl2cpe 2026-06-01 10:10:57.599612
pkg:wikimedia/mediawiki purl2cpe 2026-06-01 10:10:57.599613

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2011-1766 vulnerable 2026-06-03 14:31:03.873780 Details available
includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.
Published: 2011-05-23T22:00:00.000Z
Updated: 2024-08-06T22:37:25.728Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1765 vulnerable 2026-06-03 14:31:03.870271 Details available
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587.
Published: 2011-05-23T22:00:00.000Z
Updated: 2024-08-06T22:37:25.890Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.