MediaWiki 1.37.0 Release Candidate 2

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:1.37.0:rc2:*:*:*:*:*:*

part: a version: 1.37.0 update: rc2

VendorMediawiki (cdb1ca1d-4622-5407-a7d8-3e891579b8c5)
ProductMediawiki (ab97168e-95e7-5d6e-a2ac-f8d27117dc4d)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/wikimedia/mediawiki purl2cpe 2026-06-01 10:10:57.618836
pkg:wikimedia/mediawiki purl2cpe 2026-06-01 10:10:57.618837

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-44856 vulnerable 2026-06-03 14:45:37.543014 Details available
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T15:49:47.008Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-44855 vulnerable 2026-06-03 14:45:37.542555 Details available
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T15:52:12.291Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-44854 vulnerable 2026-06-03 14:45:37.541992 Details available
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.
Published: 2022-12-26T00:00:00.000Z
Updated: 2025-04-14T15:55:34.383Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.