Widgets Project: Security Vulnerabilities
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-02-24
Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.
CVSS Score
4.3
EPSS Score
0.004
Published
2015-09-01