Vulnerabilities > Mediawiki > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-17 CVE-2021-44857 Missing Authorization vulnerability in Mediawiki
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
network
low complexity
mediawiki CWE-862
6.5
6.5
2021-12-17 CVE-2021-45038 Information Exposure vulnerability in Mediawiki
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
network
low complexity
mediawiki CWE-200
5.3
5.3
2021-10-11 CVE-2021-41798 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.36.2 allows XSS.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2021-10-11 CVE-2021-41800 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
network
low complexity
mediawiki fedoraproject CWE-770
5.3
5.3
2021-10-06 CVE-2021-42041 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in CentralAuth in MediaWiki through 1.36.2.
network
low complexity
mediawiki CWE-79
6.1
6.1
2021-10-06 CVE-2021-42042 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2.
network
low complexity
mediawiki CWE-79
4.8
4.8
2021-10-06 CVE-2021-42043 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2.
network
low complexity
mediawiki CWE-79
6.1
6.1
2021-10-06 CVE-2021-42044 Cross-site Scripting vulnerability in Mediawiki
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2.
network
low complexity
mediawiki CWE-79
4.8
4.8
2021-07-02 CVE-2021-36127 Insecure Storage of Sensitive Information vulnerability in Mediawiki
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-922
4.3
4.3
2021-07-02 CVE-2021-36129 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in the Translate extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-732
4.3
4.3