Vulnerabilities > Mediawiki > Mediawiki > 1.36.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-29 | CVE-2022-29907 | Cross-site Scripting vulnerability in Mediawiki The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | 4.3 |
| 2022-03-30 | CVE-2022-28205 | Unspecified vulnerability in Mediawiki An issue was discovered in MediaWiki through 1.37.1. | 9.8 |
| 2022-03-30 | CVE-2022-28206 | Unspecified vulnerability in Mediawiki An issue was discovered in MediaWiki through 1.37.1. | 9.8 |
| 2022-03-30 | CVE-2022-28209 | Unspecified vulnerability in Mediawiki An issue was discovered in Mediawiki through 1.37.1. | 9.8 |
| 2022-03-30 | CVE-2022-28202 | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. | 6.1 |
| 2021-12-24 | CVE-2021-45471 | In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | 5.3 |
| 2021-12-24 | CVE-2021-45472 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | 6.1 |
| 2021-12-24 | CVE-2021-45474 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | 6.1 |