Vulnerabilities > Mediawiki > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-29 | CVE-2022-29907 | Cross-site Scripting vulnerability in Mediawiki The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | 6.1 |
| 2022-03-30 | CVE-2022-28202 | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. | 6.1 |
| 2022-01-24 | CVE-2022-21710 | Cross-site Scripting vulnerability in Mediawiki Shortdescription ShortDescription is a MediaWiki extension that provides local short description support. | 6.1 |
| 2022-01-10 | CVE-2021-46146 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 5.4 |
| 2022-01-10 | CVE-2021-46148 | Information Exposure vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 6.5 |
| 2022-01-10 | CVE-2021-46150 | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 4.8 |
| 2021-12-24 | CVE-2021-45471 | In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | 5.3 |
| 2021-12-24 | CVE-2021-45472 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | 6.1 |
| 2021-12-24 | CVE-2021-45473 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). | 6.1 |
| 2021-12-24 | CVE-2021-45474 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | 6.1 |