Vulnerabilities > Mediawiki
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-29 | CVE-2020-29005 | Insufficiently Protected Credentials vulnerability in Mediawiki The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | 7.5 |
2021-01-29 | CVE-2020-29004 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | 8.8 |
2020-12-21 | CVE-2020-35626 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. | 8.8 |
2020-12-21 | CVE-2020-35625 | Missing Authorization vulnerability in Mediawiki An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. | 8.8 |
2020-12-21 | CVE-2020-35624 | Information Exposure Through Discrepancy vulnerability in Mediawiki An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. | 5.3 |
2020-12-21 | CVE-2020-35623 | Use of Incorrectly-Resolved Name or Reference vulnerability in Mediawiki An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. | 7.5 |
2020-12-21 | CVE-2020-35622 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. | 6.1 |
2020-12-18 | CVE-2020-35480 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.1. | 5.3 |
2020-12-18 | CVE-2020-35479 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 6.1 |
2020-12-18 | CVE-2020-35478 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. | 6.1 |