Vulnerabilities > Mediawiki > High

DATE  CVE  VULNERABILITY TITLE  RISK

2021-07-02  CVE-2021-36126  Unspecified vulnerability in Mediawiki
    An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36.
    Risk: 7.5 (network, low complexity); vendors: mediawiki

2021-07-02  CVE-2021-36128  Improper Handling of Exceptional Conditions vulnerability in Mediawiki
    An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
    Risk: 7.5 (network, low complexity); vendors: mediawiki; CWE-755

2020-12-18  CVE-2020-35475  Cross-site Scripting vulnerability in multiple products
    In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML.
    Risk: 7.5 (network, low complexity); vendors: mediawiki, debian, fedoraproject; CWE-79

2020-09-27  CVE-2020-26121  Incorrect Authorization vulnerability in multiple products
    An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4.
    Risk: 7.5 (network, low complexity); vendors: mediawiki, fedoraproject; CWE-863

2020-09-27  CVE-2020-25869  Incorrect Authorization vulnerability in multiple products
    An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
    Risk: 7.5 (network, low complexity); vendors: mediawiki, fedoraproject; CWE-863

2020-09-27  CVE-2020-25827  Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
    An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
    Risk: 7.5 (network, low complexity); vendors: mediawiki, fedoraproject; CWE-307

2020-03-12  CVE-2020-10534  Improper Privilege Management vulnerability in Mediawiki
    In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges.
    Risk: 7.5 (network, low complexity); vendors: mediawiki; CWE-269

2019-07-10  CVE-2019-12468  Missing Authentication for Critical Function vulnerability in multiple products
    An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1.
    Risk: 7.5 (network, low complexity); vendors: mediawiki, debian; CWE-306

2018-04-13  CVE-2017-0372  Injection vulnerability in multiple products
    Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
    Risk: 7.5 (network, low complexity); vendors: mediawiki, debian; CWE-74

2017-11-15  CVE-2017-8809  Injection vulnerability in multiple products
    api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
    Risk: 7.5 (network, low complexity); vendors: mediawiki, debian; CWE-74