Vulnerabilities > Mediawiki > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-35622 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-79
6.1
6.1
2020-12-18 CVE-2020-35480 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.1.
network
low complexity
mediawiki debian fedoraproject CWE-203
5.3
5.3
2020-12-18 CVE-2020-35479 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1
6.1
2020-12-18 CVE-2020-35478 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-12-18 CVE-2020-35477 Always-Incorrect Control Flow Implementation vulnerability in multiple products
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.
network
low complexity
mediawiki debian fedoraproject CWE-670
5.3
5.3
2020-12-18 CVE-2020-35474 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2020-11-24 CVE-2020-29003 Cross-site Scripting vulnerability in Mediawiki
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
network
low complexity
mediawiki CWE-79
5.4
5.4
2020-11-24 CVE-2020-29002 Cross-site Scripting vulnerability in Mediawiki
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
network
low complexity
mediawiki CWE-79
4.8
4.8
2020-10-28 CVE-2020-27957 Cross-site Scripting vulnerability in Mediawiki
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data.
network
low complexity
mediawiki CWE-79
5.4
5.4
2020-10-22 CVE-2020-27621 Unspecified vulnerability in Mediawiki
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address.
network
low complexity
mediawiki
4.3
4.3