Vulnerabilities > Mediawiki

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-18	CVE-2020-35475	Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. network low complexity mediawiki debian fedoraproject CWE-79	7.5
2020-12-18	CVE-2020-35474	Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. network low complexity mediawiki fedoraproject CWE-79	6.1
2020-11-24	CVE-2020-29003	Cross-site Scripting vulnerability in Mediawiki The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. network mediawiki CWE-79	3.5
2020-11-24	CVE-2020-29002	Cross-site Scripting vulnerability in Mediawiki includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. network mediawiki CWE-79	3.5
2020-10-28	CVE-2020-27957	Cross-site Scripting vulnerability in Mediawiki The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. network mediawiki CWE-79	3.5
2020-10-22	CVE-2020-27621	Unspecified vulnerability in Mediawiki The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. network low complexity mediawiki	4.0
2020-10-22	CVE-2020-27620	Cross-site Scripting vulnerability in Mediawiki Skin:Cosmos The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. network mediawiki CWE-79	4.3
2020-09-27	CVE-2020-26121	Incorrect Authorization vulnerability in multiple products An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. network low complexity mediawiki fedoraproject CWE-863	7.5
2020-09-27	CVE-2020-26120	Cross-site Scripting vulnerability in multiple products XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. network low complexity mediawiki fedoraproject CWE-79	6.1
2020-09-27	CVE-2020-25869	Incorrect Authorization vulnerability in multiple products An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. network low complexity mediawiki fedoraproject CWE-863	7.5

Vulnerabilities > Mediawiki {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mediawiki"}]}

Vulnerabilities > Mediawiki