GCVE - cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*

part: a version: 1.19.12 update: *

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Mediawiki (`ab97168e-95e7-5d6e-a2ac-f8d27117dc4d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.618150
`pkg:wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.618155

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-9487`	vulnerable	2026-06-03 14:34:27.146916	Details available The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053. Published: 2017-10-17T14:00:00.000Z Updated: 2024-08-06T13:47:41.107Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2015/01/03/13 https://security.gentoo.org/glsa/201502-04 https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html https://bugzilla.redhat.com/show_bug.cgi?id=1175828	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-7295`	vulnerable	2026-06-03 14:34:15.597025	Details available The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css. Published: 2014-10-07T14:00:00.000Z Updated: 2024-08-06T12:47:32.276Z Open on db.gcve.eu Reference links https://bugzilla.wikimedia.org/show_bug.cgi?id=70672 https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html http://www.debian.org/security/2014/dsa-3046 http://secunia.com/advisories/61752 http://seclists.org/oss-sec/2014/q4/67	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-7199`	vulnerable	2026-06-03 14:34:15.211193	Details available Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. Published: 2014-09-30T14:00:00.000Z Updated: 2024-08-06T12:40:19.157Z Open on db.gcve.eu Reference links https://gerrit.wikimedia.org/r/#/c/162777/ http://www.debian.org/security/2014/dsa-3036 https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html http://www.openwall.com/lists/oss-security/2014/09/27/2 http://secunia.com/advisories/61666	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5243`	vulnerable	2026-06-03 14:34:05.770986	Details available MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. Published: 2014-08-22T17:00:00.000Z Updated: 2024-08-06T11:41:48.324Z Open on db.gcve.eu Reference links https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html http://www.debian.org/security/2014/dsa-3011 http://www.mandriva.com/security/advisories?name=MDVSA-2014:153 http://secunia.com/advisories/59738 http://openwall.com/lists/oss-security/2014/08/14/5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5241`	vulnerable	2026-06-03 14:34:05.757823	Details available The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set. Published: 2014-08-22T17:00:00.000Z Updated: 2024-08-06T11:41:47.649Z Open on db.gcve.eu Reference links https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html http://www.debian.org/security/2014/dsa-3011 http://www.mandriva.com/security/advisories?name=MDVSA-2014:153 http://secunia.com/advisories/59738 https://bugzilla.wikimedia.org/show_bug.cgi?id=68187	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3966`	vulnerable	2026-06-03 14:34:02.267207	Details available Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username. Published: 2014-06-06T14:00:00.000Z Updated: 2024-08-06T10:57:18.054Z Open on db.gcve.eu Reference links http://secunia.com/advisories/58896 http://www.securitytracker.com/id/1030364 http://www.openwall.com/lists/oss-security/2014/06/04/15 https://bugzilla.wikimedia.org/show_bug.cgi?id=65501 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-May/000151.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2853`	vulnerable	2026-06-03 14:33:51.992041	Details available Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action. Published: 2014-04-29T18:00:00.000Z Updated: 2024-08-06T10:28:46.374Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/67068 http://www.securitytracker.com/id/1030161 http://secunia.com/advisories/58262 https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2665`	vulnerable	2026-06-03 14:33:51.555010	Details available includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. Published: 2014-04-20T01:00:00.000Z Updated: 2024-08-06T10:21:35.971Z Open on db.gcve.eu Reference links https://bugzilla.wikimedia.org/show_bug.cgi?id=62497 http://openwall.com/lists/oss-security/2014/03/28/1 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html http://openwall.com/lists/oss-security/2014/04/01/7 https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.