Vulnerabilities > Mediawiki > Mediawiki > 1.36.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-24 | CVE-2021-45474 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | 6.1 |
| 2021-12-20 | CVE-2021-44858 | Incorrect Default Permissions vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 7.5 |
| 2021-12-17 | CVE-2021-44857 | Missing Authorization vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 6.5 |
| 2021-12-17 | CVE-2021-45038 | Information Exposure vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 5.3 |
| 2021-10-11 | CVE-2021-41798 | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.36.2 allows XSS. | 6.1 |
| 2021-10-11 | CVE-2021-41799 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). | 7.5 |
| 2021-10-11 | CVE-2021-41800 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). | 5.3 |
| 2021-10-11 | CVE-2021-41801 | Unspecified vulnerability in Mediawiki The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. | 8.8 |
| 2021-10-06 | CVE-2021-42040 | Infinite Loop vulnerability in Mediawiki An issue was discovered in MediaWiki through 1.36.2. | 5.0 |
| 2021-10-06 | CVE-2021-42041 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in CentralAuth in MediaWiki through 1.36.2. | 4.3 |