Vulnerabilities > Mediawiki > Mediawiki > 1.35.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-24 | CVE-2021-45471 | In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | 5.3 |
2021-12-24 | CVE-2021-45472 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | 6.1 |
2021-12-24 | CVE-2021-45474 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | 6.1 |
2021-10-11 | CVE-2021-41798 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.36.2 allows XSS. | 6.1 |
2021-10-11 | CVE-2021-41799 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). | 7.5 |
2021-10-11 | CVE-2021-41800 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). | 5.3 |
2021-07-02 | CVE-2021-36128 | Improper Handling of Exceptional Conditions vulnerability in Mediawiki An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. | 7.5 |