Vulnerabilities > Mediawiki > Mediawiki > 1.32.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-21 | CVE-2020-35624 | Information Exposure Through Discrepancy vulnerability in Mediawiki An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. | 5.0 |
| 2020-12-21 | CVE-2020-35623 | Insufficiently Protected Credentials vulnerability in Mediawiki An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. | 5.0 |
| 2020-12-21 | CVE-2020-35622 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. | 4.3 |
| 2020-12-18 | CVE-2020-35479 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 6.1 |
| 2020-11-24 | CVE-2020-29003 | Cross-site Scripting vulnerability in Mediawiki The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. | 3.5 |
| 2020-11-24 | CVE-2020-29002 | Cross-site Scripting vulnerability in Mediawiki includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. | 3.5 |
| 2020-10-28 | CVE-2020-27957 | Cross-site Scripting vulnerability in Mediawiki The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. | 3.5 |
| 2020-10-22 | CVE-2020-27621 | Unspecified vulnerability in Mediawiki The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. | 4.0 |
| 2020-09-27 | CVE-2020-26121 | Incorrect Authorization vulnerability in multiple products An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. | 7.5 |
| 2020-09-27 | CVE-2020-26120 | Cross-site Scripting vulnerability in multiple products XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. | 6.1 |