Vulnerabilities > Mediawiki > Mediawiki > 1.33.3

DATE CVE VULNERABILITY TITLE RISK
2020-11-24 CVE-2020-29002 Cross-site Scripting vulnerability in Mediawiki
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
network
mediawiki CWE-79
3.5
3.5
2020-10-28 CVE-2020-27957 Cross-site Scripting vulnerability in Mediawiki
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data.
network
mediawiki CWE-79
3.5
3.5
2020-10-22 CVE-2020-27621 Unspecified vulnerability in Mediawiki
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address.
network
low complexity
mediawiki
4.0
4.0
2020-09-27 CVE-2020-26121 Incorrect Authorization vulnerability in multiple products
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-863
7.5
7.5
2020-09-27 CVE-2020-26120 Cross-site Scripting vulnerability in multiple products
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25869 Incorrect Authorization vulnerability in multiple products
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-863
7.5
7.5
2020-09-27 CVE-2020-25828 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25827 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-307
7.5
7.5
2020-09-27 CVE-2020-25815 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25814 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1