Vulnerabilities > Mediawiki > High

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendors | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2021-01-29 | CVE-2020-29005 | Insufficiently Protected Credentials vulnerability in Mediawiki 1.22.15/1.5 | The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | network | low complexity | mediawiki | CWE-522 | 7.5 |
| 2021-01-29 | CVE-2020-29004 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki 1.22.15/1.5 | The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | network | low complexity | mediawiki | CWE-352 | 8.8 |
| 2020-12-21 | CVE-2020-35626 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki | An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. | network | low complexity | mediawiki | CWE-352 | 8.8 |
| 2020-12-21 | CVE-2020-35625 | Missing Authorization vulnerability in Mediawiki | An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. | network | low complexity | mediawiki | CWE-862 | 8.8 |
| 2020-12-21 | CVE-2020-35623 | Use of Incorrectly-Resolved Name or Reference vulnerability in Mediawiki | An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. | network | low complexity | mediawiki | CWE-706 | 7.5 |
| 2020-12-18 | CVE-2020-35475 | Cross-site Scripting vulnerability in multiple products | In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. | network | low complexity | mediawiki, debian, fedoraproject | CWE-79 | 7.5 |
| 2020-09-27 | CVE-2020-26121 | Incorrect Authorization vulnerability in multiple products | An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. | network | low complexity | mediawiki, fedoraproject | CWE-863 | 7.5 |
| 2020-09-27 | CVE-2020-25869 | Incorrect Authorization vulnerability in multiple products | An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | network | low complexity | mediawiki, fedoraproject | CWE-863 | 7.5 |
| 2020-09-27 | CVE-2020-25827 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products | An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | network | low complexity | mediawiki, fedoraproject | CWE-307 | 7.5 |
| 2020-04-21 | CVE-2020-12051 | Unspecified vulnerability in Mediawiki | The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. | network | low complexity | mediawiki | | 7.5 |