Vulnerabilities > Mediawiki > Mediawiki > 1.33.3

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-35624 Information Exposure Through Discrepancy vulnerability in Mediawiki
An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-203
5.0
5.0
2020-12-21 CVE-2020-35623 Insufficiently Protected Credentials vulnerability in Mediawiki
An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-522
5.0
5.0
2020-12-21 CVE-2020-35622 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1.
network
mediawiki CWE-79
4.3
4.3
2020-12-18 CVE-2020-35480 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.1.
network
low complexity
mediawiki debian fedoraproject CWE-203
5.3
5.3
2020-12-18 CVE-2020-35479 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1
6.1
2020-12-18 CVE-2020-35478 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-12-18 CVE-2020-35477 Always-Incorrect Control Flow Implementation vulnerability in multiple products
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.
network
low complexity
mediawiki debian fedoraproject CWE-670
5.3
5.3
2020-12-18 CVE-2020-35475 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML.
network
low complexity
mediawiki debian fedoraproject CWE-79
7.5
7.5
2020-12-18 CVE-2020-35474 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-11-24 CVE-2020-29003 Cross-site Scripting vulnerability in Mediawiki
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
network
mediawiki CWE-79
3.5
3.5