Vulnerabilities > Wikimedia

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-05	CVE-2024-47841	Path Traversal vulnerability in Wikimedia Wikimedia-Extensions-Css Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. network low complexity wikimedia CWE-22	7.5
2024-10-05	CVE-2024-47840	Cross-site Scripting vulnerability in Wikimedia Apex Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. network low complexity wikimedia CWE-79	4.8
2024-10-05	CVE-2024-47845	Improper Encoding or Escaping of Output vulnerability in Wikimedia Wikimedia-Extensions-Css Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. network low complexity wikimedia CWE-116	8.2
2023-01-05	CVE-2018-25065	Cross-site Scripting vulnerability in Wikimedia Mediawiki-Extensions-I18Ntags A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. network low complexity wikimedia CWE-79	6.1
2021-04-21	CVE-2020-36324	Cross-site Scripting vulnerability in Wikimedia Analytics-Quarry-Web Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. network wikimedia CWE-79	4.3
2021-04-09	CVE-2021-30458	Cross-site Scripting vulnerability in Wikimedia Parsoid An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. network wikimedia CWE-79	4.3
2019-11-27	CVE-2019-19329	Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. network wikimedia CWE-79	4.3
2019-11-27	CVE-2019-19328	Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. network wikimedia CWE-79	4.3
2019-11-27	CVE-2019-19327	Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. network wikimedia CWE-79	4.3

Vulnerabilities > Wikimedia {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wikimedia"}]}

Vulnerabilities > Wikimedia