Vulnerabilities > Mediawiki

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-18	CVE-2020-35478	Cross-site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. network low complexity mediawiki fedoraproject CWE-79	6.1
2020-12-18	CVE-2020-35477	Always-Incorrect Control Flow Implementation vulnerability in multiple products MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. network low complexity mediawiki debian fedoraproject CWE-670	5.3
2020-12-18	CVE-2020-35475	Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. network low complexity mediawiki debian fedoraproject CWE-79	7.5
2020-12-18	CVE-2020-35474	Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. network low complexity mediawiki fedoraproject CWE-79	6.1
2020-11-24	CVE-2020-29003	Cross-site Scripting vulnerability in Mediawiki The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. network low complexity mediawiki CWE-79	5.4
2020-11-24	CVE-2020-29002	Cross-site Scripting vulnerability in Mediawiki includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. network low complexity mediawiki CWE-79	4.8
2020-10-28	CVE-2020-27957	Cross-site Scripting vulnerability in Mediawiki The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. network low complexity mediawiki CWE-79	5.4
2020-10-22	CVE-2020-27621	Unspecified vulnerability in Mediawiki The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. network low complexity mediawiki	4.3
2020-10-22	CVE-2020-27620	Cross-site Scripting vulnerability in Mediawiki Skin:Cosmos 1.34.0/1.35.0 The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. network low complexity mediawiki CWE-79	6.1
2020-09-27	CVE-2020-26121	Incorrect Authorization vulnerability in multiple products An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. network low complexity mediawiki fedoraproject CWE-863	7.5

Vulnerabilities > Mediawiki {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mediawiki"}]}

Vulnerabilities > Mediawiki