Vulnerabilities > Mediawiki > Mediawiki > 1.31.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-09 | CVE-2021-30159 | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 4.3 |
2021-04-09 | CVE-2021-30156 | Information Exposure vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 4.3 |
2021-04-09 | CVE-2021-30155 | Missing Authorization vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 4.3 |
2021-04-09 | CVE-2021-30152 | Improper Privilege Management vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. | 4.3 |
2021-04-06 | CVE-2021-30158 | Improper Authentication vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 5.3 |
2021-04-06 | CVE-2021-30157 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 6.1 |
2021-04-06 | CVE-2021-30154 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 6.1 |
2021-01-29 | CVE-2020-29005 | Insufficiently Protected Credentials vulnerability in Mediawiki The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | 5.0 |
2021-01-29 | CVE-2020-29004 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | 6.8 |
2020-12-21 | CVE-2020-35626 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. | 6.8 |