Vulnerabilities > Mediawiki > Mediawiki > 1.33.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-24 | CVE-2020-29002 | Cross-site Scripting vulnerability in Mediawiki includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. | 3.5 |
2020-10-28 | CVE-2020-27957 | Cross-site Scripting vulnerability in Mediawiki The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. | 3.5 |
2020-10-22 | CVE-2020-27621 | Unspecified vulnerability in Mediawiki The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. | 4.0 |
2020-09-27 | CVE-2020-26121 | Incorrect Authorization vulnerability in multiple products An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. | 7.5 |
2020-09-27 | CVE-2020-26120 | Cross-site Scripting vulnerability in multiple products XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. | 6.1 |
2020-09-27 | CVE-2020-25869 | Incorrect Authorization vulnerability in multiple products An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | 7.5 |
2020-09-27 | CVE-2020-25828 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | 6.1 |
2020-09-27 | CVE-2020-25827 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | 7.5 |
2020-09-27 | CVE-2020-25815 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. | 6.1 |
2020-09-27 | CVE-2020-25814 | Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. | 6.1 |