Vulnerabilities > Wikimedia
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-05 | CVE-2024-47841 | Path Traversal vulnerability in Wikimedia Wikimedia-Extensions-Css Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. | 7.5 |
2024-10-05 | CVE-2024-47840 | Cross-site Scripting vulnerability in Wikimedia Apex Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 4.8 |
2024-10-05 | CVE-2024-47845 | Improper Encoding or Escaping of Output vulnerability in Wikimedia Wikimedia-Extensions-Css Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 8.2 |
2023-01-05 | CVE-2018-25065 | Cross-site Scripting vulnerability in Wikimedia Mediawiki-Extensions-I18Ntags A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. | 6.1 |
2021-04-21 | CVE-2020-36324 | Cross-site Scripting vulnerability in Wikimedia Analytics-Quarry-Web Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. | 4.3 |
2021-04-09 | CVE-2021-30458 | Cross-site Scripting vulnerability in Wikimedia Parsoid An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. | 4.3 |
2019-11-27 | CVE-2019-19329 | Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. | 4.3 |
2019-11-27 | CVE-2019-19328 | Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. | 4.3 |
2019-11-27 | CVE-2019-19327 | Cross-site Scripting vulnerability in Wikimedia Wikidata Query GUI ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. | 4.3 |