Vulnerabilities > Mediawiki > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-03-19 | CVE-2019-15124 | Cross-site Scripting vulnerability in Mediawiki Mobilefrontend 1.31.0/1.32.0/1.33.0 | In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. | network | low | mediawiki | CWE-79 | 6.1 |
| 2020-01-28 | CVE-2013-6455 | Information Exposure vulnerability in Mediawiki | The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. | network | low | mediawiki | CWE-200 | 5.3 |
| 2020-01-28 | CVE-2013-6451 | Cross-site Scripting vulnerability in Mediawiki | Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | network | low | mediawiki | CWE-79 | 6.1 |
| 2020-01-27 | CVE-2014-9481 | Information Exposure vulnerability in Mediawiki | The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. | network | high | mediawiki | CWE-200 | 5.9 |
| 2020-01-08 | CVE-2020-6163 | Cross-site Scripting vulnerability in Mediawiki 1.35 | The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). | network | low | mediawiki | CWE-79 | 6.1 |
| 2019-12-19 | CVE-2019-19910 | Cross-site Scripting vulnerability in Mediawiki 1.34/1.35 | The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). | network | low | mediawiki | CWE-79 | 6.1 |
| 2019-12-11 | CVE-2013-4303 | Cross-site Scripting vulnerability in Mediawiki | includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | network | low | mediawiki | CWE-79 | 6.1 |
| 2019-12-11 | CVE-2019-19709 | Open Redirect vulnerability in multiple products | MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | network | low | mediawiki, debian | CWE-601 | 6.1 |
| 2019-12-11 | CVE-2019-19708 | Cross-site Scripting vulnerability in Mediawiki Visual Editor 1.34 | The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. | network | low | mediawiki | CWE-79 | 6.1 |
| 2019-11-15 | CVE-2019-18987 | Information Exposure vulnerability in Mediawiki Abusefilter | An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. | network | low | mediawiki | CWE-200 | 5.3 |