CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-9382

An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.3%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 5.5

References

Products affected by CVE-2020-9382

Widgets Project » Widgets » Version: N/A

cpe:2.3:a:widgets_project:widgets:-
Widgets Project » Widgets » Version: 0.10.1

cpe:2.3:a:widgets_project:widgets:0.10.1
Widgets Project » Widgets » Version: 1.0

cpe:2.3:a:widgets_project:widgets:1.0
Widgets Project » Widgets » Version: 1.2

cpe:2.3:a:widgets_project:widgets:1.2
Widgets Project » Widgets » Version: 1.2.1

cpe:2.3:a:widgets_project:widgets:1.2.1
Widgets Project » Widgets » Version: 1.3.0

cpe:2.3:a:widgets_project:widgets:1.3.0
Widgets Project » Widgets » Version: 1.4.0

cpe:2.3:a:widgets_project:widgets:1.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-9382

Products

Pricing

Contact Us