2 matches found
PT-2020-6810 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.x through 1.31.9 MediaWiki versions 1.32.x through 1.34.x before 1.34.4 Description: The issue is related to errors in permission handling in the Special:UserRights component of MediaWiki. This can allow a remote...
PT-2020-16223 · Wikimedia +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.32.x through 1.34.x before 1.34.4 Description: An issue was discovered where the LogEventList::getFiltersDesc function is insecurely using message text to build options names for an HTML multi-select field. The relevant...