Vulnerabilities > Mediawiki
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-24 | CVE-2022-21710 | Cross-site Scripting vulnerability in Mediawiki Shortdescription ShortDescription is a MediaWiki extension that provides local short description support. | 6.1 |
2022-01-10 | CVE-2021-46146 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 5.4 |
2022-01-10 | CVE-2021-46147 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 8.8 |
2022-01-10 | CVE-2021-46148 | Information Exposure vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 6.5 |
2022-01-10 | CVE-2021-46149 | Resource Exhaustion vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 7.5 |
2022-01-10 | CVE-2021-46150 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 4.8 |
2021-12-24 | CVE-2021-45471 | In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | 5.3 |
2021-12-24 | CVE-2021-45472 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | 6.1 |
2021-12-24 | CVE-2021-45473 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). | 6.1 |
2021-12-24 | CVE-2021-45474 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | 6.1 |