Vulnerabilities > Mediawiki
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-21 | CVE-2020-35626 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. | 6.8 |
| 2020-12-21 | CVE-2020-35625 | Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. | 6.5 |
| 2020-12-21 | CVE-2020-35624 | Information Exposure Through Discrepancy vulnerability in Mediawiki An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. | 5.0 |
| 2020-12-21 | CVE-2020-35623 | Insufficiently Protected Credentials vulnerability in Mediawiki An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. | 5.0 |
| 2020-12-21 | CVE-2020-35622 | Cross-Site Scripting vulnerability in Mediawiki An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. | 4.3 |
| 2020-12-18 | CVE-2020-35480 | Information Exposure vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.1. | 5.0 |
| 2020-12-18 | CVE-2020-35479 | Cross-Site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 4.3 |
| 2020-12-18 | CVE-2020-35478 | Cross-Site Scripting vulnerability in Mediawiki MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 4.3 |
| 2020-12-18 | CVE-2020-35477 | Improper Input Validation vulnerability in multiple products MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. | 5.0 |
| 2020-12-18 | CVE-2020-35475 | Improper Encoding OR Escaping of Output vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. | 5.0 |