Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2020-09-27 CVE-2020-26121 Incorrect Authorization vulnerability in multiple products
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-863
7.5
7.5
2020-09-27 CVE-2020-26120 Cross-site Scripting vulnerability in multiple products
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25869 Incorrect Authorization vulnerability in multiple products
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-863
7.5
7.5
2020-09-27 CVE-2020-25828 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25827 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-307
7.5
7.5
2020-09-27 CVE-2020-25815 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25814 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25813 In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
network
low complexity
mediawiki fedoraproject
5.3
5.3
2020-09-27 CVE-2020-25812 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-26116 Injection vulnerability in multiple products
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. 		7.2
7.2