Vulnerabilities > Mediawiki

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-18	CVE-2020-35477	Always-Incorrect Control Flow Implementation vulnerability in multiple products MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. network low complexity mediawiki debian fedoraproject CWE-670	5.3
2020-12-18	CVE-2020-35475	Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. network low complexity mediawiki debian fedoraproject CWE-79	7.5
2020-12-18	CVE-2020-35474	Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. network low complexity mediawiki fedoraproject CWE-79	6.1
2020-11-24	CVE-2020-29003	Cross-site Scripting vulnerability in Mediawiki The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. network low complexity mediawiki CWE-79	5.4
2020-11-24	CVE-2020-29002	Cross-site Scripting vulnerability in Mediawiki includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. network low complexity mediawiki CWE-79	4.8
2020-10-28	CVE-2020-27957	Cross-site Scripting vulnerability in Mediawiki The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. network low complexity mediawiki CWE-79	5.4
2020-10-22	CVE-2020-27621	Unspecified vulnerability in Mediawiki The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. network low complexity mediawiki	4.3
2020-10-22	CVE-2020-27620	Cross-site Scripting vulnerability in Mediawiki Skin:Cosmos 1.34.0/1.35.0 The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. network low complexity mediawiki CWE-79	6.1
2020-09-27	CVE-2020-26121	Incorrect Authorization vulnerability in multiple products An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. network low complexity mediawiki fedoraproject CWE-863	7.5
2020-09-27	CVE-2020-26120	Cross-site Scripting vulnerability in multiple products XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. network low complexity mediawiki fedoraproject CWE-79	6.1

Vulnerabilities > Mediawiki {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mediawiki"}]}

Vulnerabilities > Mediawiki