Vulnerabilities > Mediawiki > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-01-29 | CVE-2020-29005 | Insufficiently Protected Credentials vulnerability in Mediawiki 1.22.15/1.5 | The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | 7.5 |
2021-01-29 | CVE-2020-29004 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki 1.22.15/1.5 | The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | 8.8 |
2020-12-21 | CVE-2020-35626 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki | An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. | 8.8 |
2020-12-21 | CVE-2020-35625 | Missing Authorization vulnerability in Mediawiki | An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. | 8.8 |
2020-12-21 | CVE-2020-35623 | Use of Incorrectly-Resolved Name or Reference vulnerability in Mediawiki | An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. | 7.5 |
2020-12-18 | CVE-2020-35475 | Cross-site Scripting vulnerability in multiple products | In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. | 7.5 |
2020-09-27 | CVE-2020-26121 | Incorrect Authorization vulnerability in multiple products | An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. | 7.5 |
2020-09-27 | CVE-2020-25869 | Incorrect Authorization vulnerability in multiple products | An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | 7.5 |
2020-09-27 | CVE-2020-25827 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products | An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | 7.5 |
2020-04-21 | CVE-2020-12051 | Unspecified vulnerability in Mediawiki | The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. | 7.5 |