Vulnerabilities > Mediawiki > Mediawiki > 1.36.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-02 | CVE-2022-34911 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. | 6.1 |
2022-07-02 | CVE-2022-34912 | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. | 6.1 |
2022-04-29 | CVE-2022-29906 | Missing Authorization vulnerability in Mediawiki The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | 9.8 |
2022-03-30 | CVE-2022-28205 | Unspecified vulnerability in Mediawiki An issue was discovered in MediaWiki through 1.37.1. | 9.8 |
2022-03-30 | CVE-2022-28206 | Unspecified vulnerability in Mediawiki An issue was discovered in MediaWiki through 1.37.1. | 9.8 |
2022-03-30 | CVE-2022-28209 | Unspecified vulnerability in Mediawiki An issue was discovered in Mediawiki through 1.37.1. | 9.8 |
2021-12-24 | CVE-2021-45471 | In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | 5.3 |
2021-12-24 | CVE-2021-45472 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | 6.1 |
2021-12-24 | CVE-2021-45474 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | 6.1 |