Vulnerabilities > Mediawiki

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-35626 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki
An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1.
network
mediawiki CWE-352
6.8
2020-12-21 CVE-2020-35625 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-732
6.5
2020-12-21 CVE-2020-35624 Information Exposure Through Discrepancy vulnerability in Mediawiki
An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-203
5.0
2020-12-21 CVE-2020-35623 Insufficiently Protected Credentials vulnerability in Mediawiki
An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-522
5.0
2020-12-21 CVE-2020-35622 Cross-Site Scripting vulnerability in Mediawiki
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1.
network
mediawiki CWE-79
4.3
2020-12-18 CVE-2020-35480 Information Exposure vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.1.
network
low complexity
mediawiki debian CWE-200
5.0
2020-12-18 CVE-2020-35479 Cross-Site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
4.3
2020-12-18 CVE-2020-35478 Cross-Site Scripting vulnerability in Mediawiki
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
network
mediawiki CWE-79
4.3
2020-12-18 CVE-2020-35477 Improper Input Validation vulnerability in multiple products
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.
network
low complexity
mediawiki debian CWE-20
5.0
2020-12-18 CVE-2020-35475 Improper Encoding OR Escaping of Output vulnerability in multiple products
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML.
network
low complexity
mediawiki debian CWE-116
5.0