Vulnerabilities > Mediawiki

DATE CVE VULNERABILITY TITLE RISK
2021-04-09 CVE-2021-30152 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-732
4.0
2021-04-09 CVE-2021-30155 Missing Authorization vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-862
4.0
2021-04-09 CVE-2021-30156 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki fedoraproject CWE-732
4.0
2021-04-09 CVE-2021-30159 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject
4.0
2021-04-06 CVE-2021-30154 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
4.3
2021-04-06 CVE-2021-30157 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
4.3
2021-04-06 CVE-2021-30158 Improper Authentication vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-287
5.0
2021-01-29 CVE-2020-29004 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
network
mediawiki CWE-352
6.8
2021-01-29 CVE-2020-29005 Insufficiently Protected Credentials vulnerability in Mediawiki
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
network
low complexity
mediawiki CWE-522
5.0
2020-12-21 CVE-2020-35622 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1.
network
mediawiki CWE-79
4.3