Vulnerabilities > Mediawiki > Mediawiki > 1.33.3

DATE CVE VULNERABILITY TITLE RISK
2023-05-29 CVE-2022-41766 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3.
network
low complexity
mediawiki CWE-732
4.3
4.3
2023-04-15 CVE-2021-30153 Exposure of Resource to Wrong Sphere vulnerability in Mediawiki
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki CWE-668
4.3
4.3
2023-03-31 CVE-2023-29141 An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3.
network
low complexity
mediawiki fedoraproject
critical
 9.8
9.8
2023-01-20 CVE-2023-22910 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
network
low complexity
mediawiki CWE-79
5.4
5.4
2023-01-20 CVE-2023-22912 Use of Insufficiently Random Values vulnerability in Mediawiki
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
network
low complexity
mediawiki CWE-330
5.3
5.3
2023-01-12 CVE-2022-47927 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
local
low complexity
mediawiki fedoraproject CWE-732
5.5
5.5
2023-01-11 CVE-2023-22945 Incorrect Authorization vulnerability in multiple products
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
network
low complexity
mediawiki fedoraproject CWE-863
4.3
4.3
2023-01-10 CVE-2023-22909 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
network
low complexity
mediawiki fedoraproject
5.3
5.3
2023-01-10 CVE-2023-22911 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2022-12-26 CVE-2021-44856 Improper Check for Unusual or Exceptional Conditions vulnerability in Mediawiki
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
network
low complexity
mediawiki CWE-754
5.3
5.3