Vulnerabilities > Mediawiki > Mediawiki > 1.35.2

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-42042 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2.
network
mediawiki CWE-79
3.5
3.5
2021-10-06 CVE-2021-42043 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2.
network
mediawiki CWE-79
4.3
4.3
2021-10-06 CVE-2021-42044 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2.
network
mediawiki CWE-79
3.5
3.5
2021-08-12 CVE-2021-31556 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.
network
low complexity
mediawiki fedoraproject CWE-1284
critical
 9.8
9.8
2021-07-02 CVE-2021-35197 Incorrect Authorization vulnerability in multiple products
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access.
network
low complexity
mediawiki debian fedoraproject CWE-863
7.5
7.5
2021-07-02 CVE-2021-36125 Infinite Loop vulnerability in Mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-835
5.0
5.0
2021-07-02 CVE-2021-36126 Unspecified vulnerability in Mediawiki
An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36.
network
low complexity
mediawiki
7.5
7.5
2021-07-02 CVE-2021-36127 Insecure Storage of Sensitive Information vulnerability in Mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-922
4.0
4.0
2021-07-02 CVE-2021-36128 Improper Handling of Exceptional Conditions vulnerability in Mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-755
7.5
7.5
2021-07-02 CVE-2021-36129 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in the Translate extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-732
4.0
4.0