Vulnerabilities > Mediawiki > Mediawiki > 1.34
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-12 | CVE-2020-10534 | Improper Privilege Management vulnerability in Mediawiki In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. | 7.5 |
2019-12-19 | CVE-2019-19910 | Cross-site Scripting vulnerability in Mediawiki 1.34/1.35 The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). | 4.3 |