Vulnerabilities > Mediawiki > Mediawiki > 1.35.11

DATE CVE VULNERABILITY TITLE RISK
2022-04-29 CVE-2022-29906 Missing Authorization vulnerability in Mediawiki
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
network
low complexity
mediawiki CWE-862
critical
 9.8
9.8
2021-12-24 CVE-2021-45471 In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
network
low complexity
mediawiki fedoraproject
5.3
5.3
2021-12-24 CVE-2021-45472 Cross-site Scripting vulnerability in multiple products
In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2021-12-24 CVE-2021-45474 Cross-site Scripting vulnerability in multiple products
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2021-10-11 CVE-2021-41798 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.36.2 allows XSS.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2021-10-11 CVE-2021-41799 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
network
low complexity
mediawiki fedoraproject CWE-770
7.5
7.5
2021-10-11 CVE-2021-41800 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
network
low complexity
mediawiki fedoraproject CWE-770
5.3
5.3