Known Vulnerabilities for products from Mediawiki
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mediawiki".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-21710 | ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnera... | 6.1 - MEDIUM | 2022-01-24 | 2022-01-28 |
| CVE-2021-42049 | An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversig... | 6.5 - MEDIUM | 2022-09-29 | 2022-09-30 |
| CVE-2021-42048 | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to t... | 4.8 - MEDIUM | 2022-09-29 | 2022-09-30 |
| CVE-2021-42047 | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature en... | 5.4 - MEDIUM | 2022-09-29 | 2022-09-30 |
| CVE-2021-42046 | An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes message... | 6.1 - MEDIUM | 2022-09-29 | 2022-09-30 |
| CVE-2021-42045 | An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create... | 5.4 - MEDIUM | 2022-09-29 | 2022-10-03 |
| CVE-2021-42044 | An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexp... | 4.8 - MEDIUM | 2021-10-06 | 2021-10-14 |
| CVE-2021-42043 | An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text ... | 6.1 - MEDIUM | 2021-10-06 | 2021-10-14 |
| CVE-2021-42042 | An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growth... | 4.8 - MEDIUM | 2021-10-06 | 2021-10-14 |
| CVE-2021-42041 | An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly s... | 6.1 - MEDIUM | 2021-10-06 | 2021-10-14 |
| CVE-2021-42040 | An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (... | 7.5 - HIGH | 2021-10-06 | 2021-10-14 |
| CVE-2021-41801 | The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a ... | 8.8 - HIGH | 2021-10-11 | 2023-11-07 |
| CVE-2021-41800 | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting ... | 5.3 - MEDIUM | 2021-10-11 | 2023-11-07 |
| CVE-2021-41799 | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryB... | 7.5 - HIGH | 2021-10-11 | 2023-11-07 |
| CVE-2021-41798 | MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search ... | 6.1 - MEDIUM | 2021-10-11 | 2023-11-07 |
| CVE-2021-36132 | An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $w... | 8.8 - HIGH | 2021-07-02 | 2021-07-07 |
| CVE-2021-36131 | An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privilege... | 4.8 - MEDIUM | 2021-07-02 | 2021-07-07 |
| CVE-2021-36130 | An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pag... | 4.8 - MEDIUM | 2021-07-02 | 2021-07-07 |
| CVE-2021-36129 | An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not ... | 4.3 - MEDIUM | 2021-07-02 | 2021-07-07 |
| CVE-2021-36128 | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression... | 9.8 - CRITICAL | 2021-07-02 | 2022-07-12 |
Known software with vulnerabilities from Mediawiki
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mediawiki | Abusefilter | 1.19 |
| Application | Mediawiki | Checkuser | 1.19 |
| Application | Mediawiki | Mediawiki | - |
| Application | Mediawiki | Mobilefrontend | 1.31.0 |
| Application | Mediawiki | Rssreader | 0.2 |
| Application | Mediawiki | Skin | cosmos |
| Application | Mediawiki | Visual Editor | 1.34 |