VYPR

SportsTeams

by MediaWiki

CVEs (3)

  • CVE-2023-45370Oct 9, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and…

  • CVE-2023-45374Oct 9, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.

  • CVE-2021-36131Jul 2, 2021
    risk 0.00cvss epss 0.00

    An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users.