Vulnerabilities > Mediawiki > Mediawiki > 1.34

DATE CVE VULNERABILITY TITLE RISK
2020-09-27 CVE-2020-26120 Cross-site Scripting vulnerability in multiple products
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25869 Incorrect Authorization vulnerability in multiple products
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-863
7.5
7.5
2020-09-27 CVE-2020-25828 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25827 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-307
7.5
7.5
2020-09-27 CVE-2020-25815 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25814 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-09-27 CVE-2020-25813 In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
network
low complexity
mediawiki fedoraproject
5.3
5.3
2020-06-24 CVE-2020-15005 In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them.
network
high complexity
mediawiki fedoraproject debian
3.1
3.1
2020-06-02 CVE-2020-10959 Open Redirect vulnerability in Mediawiki
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
network
mediawiki CWE-601
5.8
5.8
2020-04-03 CVE-2020-10960 Improper Encoding or Escaping of Output vulnerability in Mediawiki
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page.
network
low complexity
mediawiki CWE-116
5.0
5.0