Vulnerabilities > Mediawiki

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-01-29 | CVE-2020-29004 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki | The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | network | | mediawiki | CWE-352 | 6.8 |
| 2020-12-21 | CVE-2020-35626 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki | An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. | network | | mediawiki | CWE-352 | 6.8 |
| 2020-12-21 | CVE-2020-35625 | Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki | An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. | network | low complexity | mediawiki | CWE-732 | 6.5 |
| 2020-12-21 | CVE-2020-35624 | Information Exposure Through Discrepancy vulnerability in Mediawiki | An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. | network | low complexity | mediawiki | CWE-203 | 5.0 |
| 2020-12-21 | CVE-2020-35623 | Insufficiently Protected Credentials vulnerability in Mediawiki | An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. | network | low complexity | mediawiki | CWE-522 | 5.0 |
| 2020-12-21 | CVE-2020-35622 | Cross-site Scripting vulnerability in Mediawiki | An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. | network | | mediawiki | CWE-79 | 4.3 |
| 2020-12-18 | CVE-2020-35480 | Information Exposure Through Discrepancy vulnerability in multiple products | An issue was discovered in MediaWiki before 1.35.1. | network | low complexity | mediawiki, debian, fedoraproject | CWE-203 | 5.3 |
| 2020-12-18 | CVE-2020-35479 | Cross-site Scripting vulnerability in multiple products | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | network | low complexity | mediawiki, debian, fedoraproject | CWE-79 | 6.1 |
| 2020-12-18 | CVE-2020-35478 | Cross-site Scripting vulnerability in multiple products | MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | network | low complexity | mediawiki, fedoraproject | CWE-79 | 6.1 |
| 2020-12-18 | CVE-2020-35477 | Always-Incorrect Control Flow Implementation vulnerability in multiple products | MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. | network | low complexity | mediawiki, debian, fedoraproject | CWE-670 | 5.3 |