Skip to main content
CVE-2020-25827 HIGH POC PATCH This Week

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-26116 HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora Ubuntu Linux Solidfire +4
NVD
CVSS 3.1
7.2
EPSS
6.4%
CVE-2020-26120 MEDIUM POC This Month

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-26117 HIGH PATCH This Week

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tigervnc Debian Linux Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
3.1%
CVE-2020-26121 HIGH PATCH This Week

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25869 HIGH This Week

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-25828 MEDIUM PATCH This Month

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-25815 MEDIUM PATCH This Month

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-25814 MEDIUM PATCH This Month

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-25812 MEDIUM PATCH This Month

An issue was discovered in MediaWiki 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-25813 MEDIUM PATCH This Month

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
5.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy