Vulnerabilities > Mediawiki > Mediawiki > 1.35
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-21 | CVE-2020-35622 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. | 4.3 |
2020-12-18 | CVE-2020-35479 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 6.1 |
2020-12-18 | CVE-2020-35478 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 6.1 |
2020-10-22 | CVE-2020-27621 | Unspecified vulnerability in Mediawiki The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. | 4.0 |
2020-01-08 | CVE-2020-6163 | Cross-site Scripting vulnerability in Mediawiki 1.35 The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). | 4.3 |
2019-12-19 | CVE-2019-19910 | Cross-site Scripting vulnerability in Mediawiki 1.34/1.35 The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). | 4.3 |