Vulnerabilities > Mediawiki

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-41798 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.36.2 allows XSS.
4.3
2021-10-11 CVE-2021-41799 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
network
low complexity
mediawiki fedoraproject CWE-770
5.0
2021-10-11 CVE-2021-41800 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
network
low complexity
mediawiki fedoraproject CWE-770
5.0
2021-10-11 CVE-2021-41801 Incorrect Authorization vulnerability in Mediawiki
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control.
network
low complexity
mediawiki CWE-863
6.5
2021-10-06 CVE-2021-42040 Infinite Loop vulnerability in Mediawiki
An issue was discovered in MediaWiki through 1.36.2.
network
low complexity
mediawiki CWE-835
5.0
2021-10-06 CVE-2021-42041 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in CentralAuth in MediaWiki through 1.36.2.
network
mediawiki CWE-79
4.3
2021-10-06 CVE-2021-42042 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2.
network
mediawiki CWE-79
3.5
2021-10-06 CVE-2021-42043 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2.
network
mediawiki CWE-79
4.3
2021-10-06 CVE-2021-42044 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2.
network
mediawiki CWE-79
3.5
2021-08-12 CVE-2021-31556 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mediawiki
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.
network
low complexity
mediawiki CWE-327
7.5