Vulnerabilities > Wikimedia

DATE CVE VULNERABILITY TITLE RISK
2024-10-05 CVE-2024-47841 Path Traversal vulnerability in Wikimedia Wikimedia-Extensions-Css
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.
network
low complexity
wikimedia CWE-22
7.5
2024-10-05 CVE-2024-47840 Cross-site Scripting vulnerability in Wikimedia Apex
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
network
low complexity
wikimedia CWE-79
4.8
2024-10-05 CVE-2024-47845 Improper Encoding or Escaping of Output vulnerability in Wikimedia Wikimedia-Extensions-Css
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
network
low complexity
wikimedia CWE-116
8.2
2023-01-05 CVE-2018-25065 Cross-site Scripting vulnerability in Wikimedia Mediawiki-Extensions-I18Ntags
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic.
network
low complexity
wikimedia CWE-79
6.1
2021-04-21 CVE-2020-36324 Cross-site Scripting vulnerability in Wikimedia Analytics-Quarry-Web
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
network
wikimedia CWE-79
4.3
2021-04-09 CVE-2021-30458 Cross-site Scripting vulnerability in Wikimedia Parsoid
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2.
network
wikimedia CWE-79
4.3
2019-11-27 CVE-2019-19329 Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS.
network
wikimedia CWE-79
4.3
2019-11-27 CVE-2019-19328 Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities.
network
wikimedia CWE-79
4.3
2019-11-27 CVE-2019-19327 Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI
ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds.
network
wikimedia CWE-79
4.3