GCVE - cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*

part: a version: 1.45.0 update: *

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Mediawiki (`ab97168e-95e7-5d6e-a2ac-f8d27117dc4d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.667217
`pkg:wikimedia/mediawiki`	purl2cpe	2026-06-01 10:10:57.667219

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-0668`	not_vulnerable	2026-06-03 15:14:42.514622	VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45. Published: 2026-01-07T17:36:19.258Z Updated: 2026-01-07T19:17:41.764Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T387008 https://gerrit.wikimedia.org/r/q/Ie08d9a8ceb2c9a22a635cfc27964353f14072dbf https://gerrit.wikimedia.org/r/q/Ifbf9c2ade621226e14fe852f3217293772bf8bb8 https://gerrit.wikimedia.org/r/q/I893a9fca694a2613e29e149dea2d76d7f06063e5 https://gerrit.wikimedia.org/r/q/I4ff2737c9f0ba805267d1fc8296e7cff61241ee3	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67484`	vulnerable	2026-06-03 15:11:01.618513	Action API xslt option allows JavaScript execution by administrators who are not interface administrators Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. Published: 2026-02-03T01:24:56.405Z Updated: 2026-03-03T15:51:26.691Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T401995	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67483`	vulnerable	2026-06-03 15:11:01.617861	Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1. Published: 2026-02-03T01:26:27.931Z Updated: 2026-02-03T21:02:32.581Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T409226	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67481`	vulnerable	2026-06-03 15:11:01.610581	mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. Published: 2026-02-03T01:30:39.642Z Updated: 2026-02-03T15:31:43.813Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T251032	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67480`	vulnerable	2026-06-03 15:11:01.609991	list=allrevisions can be used to bypass Extension:Lockdown Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. Published: 2026-02-03T01:23:01.717Z Updated: 2026-03-03T15:50:19.557Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T401053	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67477`	vulnerable	2026-06-03 15:11:01.601036	Stored XSS through a system message in Special:ApiSandbox Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. Published: 2026-02-03T01:16:40.616Z Updated: 2026-02-03T15:32:21.011Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T406639	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67476`	vulnerable	2026-06-03 15:11:01.600665	Importing leaks IP address of importer via EventStreams Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. Published: 2026-02-03T01:18:55.104Z Updated: 2026-03-02T17:45:36.993Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T405859	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67475`	vulnerable	2026-06-03 15:11:01.600097	Stored XSS through edit summaries in MW Core Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. Published: 2026-02-03T01:21:09.480Z Updated: 2026-02-03T15:32:07.211Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T406664	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.