Vulnerabilities > Mediawiki > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-22 | CVE-2020-27620 | Cross-site Scripting vulnerability in Mediawiki Skin:Cosmos 1.34.0/1.35.0 The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. | 6.1 |
| 2020-09-27 | CVE-2020-26120 | Cross-site Scripting vulnerability in multiple products XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. | 6.1 |
| 2020-09-27 | CVE-2020-25828 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | 6.1 |
| 2020-09-27 | CVE-2020-25815 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. | 6.1 |
| 2020-09-27 | CVE-2020-25814 | Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. | 6.1 |
| 2020-09-27 | CVE-2020-25813 | In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. | 5.3 |
| 2020-09-27 | CVE-2020-25812 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki 1.34.x before 1.34.4. | 6.1 |
| 2020-06-02 | CVE-2020-10959 | Open Redirect vulnerability in Mediawiki resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. | 6.1 |
| 2020-04-03 | CVE-2020-10960 | Injection vulnerability in Mediawiki In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. | 5.3 |
| 2020-03-19 | CVE-2019-16529 | Unspecified vulnerability in Mediawiki Checkuser An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. | 5.3 |