CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-23146

Malware in sbrugna...

6.1CVSS6.3AI score0.00468EPSS

Exploits1References5

RedhatCVE•added 2025/05/22 3:27 p.m.•2 views

CVE-2020-27620

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups...

6.1CVSS5.9AI score0.00528EPSS

Exploits0

Github Security Blog•added 2024/05/05 9:30 p.m.•10 views

MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.42.0. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the Hooks class...

6.1CVSS6.7AI score0.00299EPSS

Exploits0References7Affected Software1

Cvelist•added 2024/05/05 12:0 a.m.•14 views

CVE-2024-34500

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the...

7AI score0.00299EPSS

Exploits0References3

Veracode•added 2020/12/19 1:34 a.m.•21 views

Cross-site Scripting (XSS)

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML...

6.1CVSS0.5AI score0.00468EPSS

Exploits1References5Affected Software1