Widgets Security Vulnerabilities and Issues — Widgets CVE List

Widgets ProjectWidgets

2 matches found

CVE•added 2020/02/24 10:17 p.m.•60 views

CVE-2020-9382

The CVE-2020-9382 entry refers to the MediaWiki Widgets extension (versions up to 1.4.0). The issue is due to improper title sanitization, allowing any wiki page to be executed as a widget via the {{#widget:}} parser function. Affected component: Widgets extension for MediaWiki; root cause: title...

5.5CVSS6.3AI score0.00388EPSS

CVE•added 2015/09/01 2:0 p.m.•48 views

CVE-2015-6737

CVE-2015-6737 is a MediaWiki Widgets extension XSS vulnerability. Remote attackers could inject arbitrary script/HTML via base64-encoded content. Affected: MediaWiki Widgets extension. Root cause: cross-site scripting in the Widgets template. Impact documented as possible remote code execution vi...

4.3CVSS5.5AI score0.00407EPSS