Vulnerabilities > Mediawiki

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-42043 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2.
network
low complexity
mediawiki CWE-79
6.1
2021-10-06 CVE-2021-42044 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2.
network
low complexity
mediawiki CWE-79
4.8
2021-08-12 CVE-2021-31556 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.
network
low complexity
mediawiki fedoraproject CWE-1284
critical
9.8
2021-07-02 CVE-2021-35197 Incorrect Authorization vulnerability in multiple products
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access.
network
low complexity
mediawiki debian fedoraproject CWE-863
7.5
2021-07-02 CVE-2021-36125 Infinite Loop vulnerability in Mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-835
7.5
2021-07-02 CVE-2021-36126 Unspecified vulnerability in Mediawiki
An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36.
network
low complexity
mediawiki
critical
9.8
2021-07-02 CVE-2021-36127 Insecure Storage of Sensitive Information vulnerability in Mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-922
4.3
2021-07-02 CVE-2021-36128 Improper Handling of Exceptional Conditions vulnerability in Mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-755
critical
9.8
2021-07-02 CVE-2021-36129 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in the Translate extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-732
4.3
2021-07-02 CVE-2021-36130 Cross-site Scripting vulnerability in Mediawiki
An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-79
4.8