mediawiki/core Security Advisories for 1.31.4 (7)
- [MEDIUM] MediaWiki allows a denial of service
PKSA-qcmj-k84v-rjky CVE-2021-41800 GHSA-c8wv-qwwc-6j73
Affected version: <1.36.2
Reported by: GitHub
- Non-jqueryMsg version of mw.message(…).parse() doesn't escape HTML
PKSA-z45m-sh5c-325v CVE-2020-25828
Affected version: >=1.31.0,<1.31.9|>=1.34.0,<1.34.3|>=1.34.99,<1.35.0
Reported by: FriendsOfPHP/security-advisories
- mw.message.parse() accepts javascript: protocol in wikilinks
PKSA-2scp-v3wb-xcgz CVE-2020-25814
Affected version: >=1.31.0,<1.31.9|>=1.34.0,<1.34.3|>=1.34.99,<1.35.0
Reported by: FriendsOfPHP/security-advisories
- Special:UserRights exposes the existence of hidden users
PKSA-d4kb-dkjp-1n1j CVE-2020-25813
Affected version: >=1.31.0,<1.31.9|>=1.34.0,<1.34.3
Reported by: FriendsOfPHP/security-advisories
- makeCollapsible allows applying event handler to any CSS selector
PKSA-pvds-fsx9-62mq CVE-2020-10960
Affected version: >=1.31.0,<1.31.7|>=1.33.0,<1.33.3|>=1.34.0,<1.34.1
Reported by: FriendsOfPHP/security-advisories
- TOTP throttle not enforced cross-wiki
PKSA-mshv-sn4g-n4ty CVE-2020-25827
Affected version: >=1.31.0,<1.31.9|>=1.34.0,<1.34.3
Reported by: FriendsOfPHP/security-advisories
- Possible to circumvent title-blacklist
PKSA-cs63-3stv-1jvc CVE-2019-19709
Affected version: >=1.31.0,<1.31.6|>=1.32.0,<1.32.6|>=1.33.0,<1.33.2|>=1.33.99,<1.34.0
Reported by: FriendsOfPHP/security-advisories