VYPR

Widgets extension

by MediaWiki

CVEs (1)

  • CVE-2020-35625Dec 21, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty…