Search CVE reports


Toggle filters

161 – 170 of 345 results


CVE-2020-29003

Medium priority
Needs evaluation

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2020-29002

Medium priority
Needs evaluation

includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2020-25828

Medium priority
Not affected

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Ignored Ignored
Show less packages

CVE-2020-25827

Medium priority
Not affected

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Ignored Ignored
Show less packages

CVE-2020-25815

Medium priority
Not affected

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped()...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Ignored Ignored
Show less packages

CVE-2020-25814

Medium priority
Not affected

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Ignored Ignored
Show less packages

CVE-2020-25813

Medium priority
Not affected

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Ignored Ignored
Show less packages

CVE-2020-25812

Medium priority
Not affected

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Ignored Ignored
Show less packages

CVE-2020-15005

Medium priority

Some fixes available 12 of 15

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Fixed Fixed Fixed Vulnerable Vulnerable
Show less packages

CVE-2020-10959

Medium priority
Not affected

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected
Show less packages