Vulnerabilities > Widgets Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-24 | CVE-2020-9382 | Incorrect Permission Assignment for Critical Resource vulnerability in Widgets Project Widgets An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. | 5.5 |
2015-09-01 | CVE-2015-6737 | Cross-site Scripting vulnerability in Widgets Project Widgets Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content. | 4.3 |