Widgets CVEs and Security Vulnerabilities

Filtered by vendor Widgets Project Subscriptions

Filtered by product Widgets Subscriptions

Switch to Advanced Search (Beta)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2015-6737	1 Widgets Project	1 Widgets	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.
CVE-2020-9382	1 Widgets Project	1 Widgets	2024-11-21	5.4 Medium
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.

Page 1 of 1.