Vulnerabilities > Mediawiki

DATE CVE VULNERABILITY TITLE RISK
2021-01-29 CVE-2020-29005 Insufficiently Protected Credentials vulnerability in Mediawiki
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
network
low complexity
mediawiki CWE-522
7.5
2021-01-29 CVE-2020-29004 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
network
low complexity
mediawiki CWE-352
8.8
2020-12-21 CVE-2020-35626 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki
An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-352
8.8
2020-12-21 CVE-2020-35625 Missing Authorization vulnerability in Mediawiki
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-862
8.8
2020-12-21 CVE-2020-35624 Information Exposure Through Discrepancy vulnerability in Mediawiki
An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-203
5.3
2020-12-21 CVE-2020-35623 Use of Incorrectly-Resolved Name or Reference vulnerability in Mediawiki
An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-706
7.5
2020-12-21 CVE-2020-35622 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-79
6.1
2020-12-18 CVE-2020-35480 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.1.
network
low complexity
mediawiki debian fedoraproject CWE-203
5.3
2020-12-18 CVE-2020-35479 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1
2020-12-18 CVE-2020-35478 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
network
low complexity
mediawiki fedoraproject CWE-79
6.1