Mediawiki

371 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.86%
  • Published 18.12.2020 08:15:15
  • Last modified 21.11.2024 05:27:22

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is always unsafe for HTML in a month value. This affects Me...

  • EPSS 0.34%
  • Published 18.12.2020 08:15:15
  • Last modified 21.11.2024 05:27:22

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing s...

Exploit
  • EPSS 0.22%
  • Published 24.11.2020 06:15:12
  • Last modified 21.11.2024 05:23:28

includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.

Exploit
  • EPSS 0.29%
  • Published 24.11.2020 06:15:12
  • Last modified 21.11.2024 05:23:28

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.

Exploit
  • EPSS 0.32%
  • Published 28.10.2020 03:15:12
  • Last modified 21.11.2024 05:22:07

The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the ...

Exploit
  • EPSS 0.26%
  • Published 22.10.2020 04:15:12
  • Last modified 21.11.2024 05:21:30

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitt...

Exploit
  • EPSS 0.28%
  • Published 27.09.2020 21:15:13
  • Last modified 21.11.2024 05:19:17

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, ...

  • EPSS 0.16%
  • Published 27.09.2020 21:15:13
  • Last modified 21.11.2024 05:19:17

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a...

  • EPSS 0.37%
  • Published 27.09.2020 21:15:12
  • Last modified 21.11.2024 05:18:49

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to in...

  • EPSS 0.37%
  • Published 27.09.2020 21:15:12
  • Last modified 21.11.2024 05:18:49

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.