GCVE - cpe:2.3:a:mediawiki:checkuser:*:*:*:*:*:mediawiki:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:checkuser:*:*:*:*:*:mediawiki:*:*

part: a version: * update: *

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Checkuser (`c587287c-d580-5dbf-8b08-2012fceb8734`)
Edition	*
Language	*
Software edition	*
Target software	mediawiki
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wikimedia/mediawiki-extensions-checkuser`	purl2cpe	2026-06-01 10:10:57.562123

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-34090`	vulnerable	2026-06-03 15:22:09.003684	Suggested investigations: Handle suppressed usernames Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2. Published: 2026-05-11T14:50:50.318Z Updated: 2026-05-11T15:51:32.487Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T411366	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67478`	vulnerable	2026-06-03 15:11:01.604784	Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1. Published: 2026-02-03T01:14:17.814Z Updated: 2026-03-02T17:43:34.432Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T385403	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61658`	vulnerable	2026-06-03 15:07:56.972616	Special:GlobalContributions shows edits on wikis the viewer doesn't have access to Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php. This issue affects CheckUser: from * before 1.43.4, 1.44.1. Published: 2026-02-03T00:59:30.322Z Updated: 2026-03-03T15:45:22.658Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T404805	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61651`	vulnerable	2026-06-03 15:07:56.958947	i18n XSS through Special:CheckUser CheckUser helper Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from * before 1.44.1. Published: 2026-02-03T00:53:14.630Z Updated: 2026-02-03T21:08:33.097Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T403408	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61648`	vulnerable	2026-06-03 15:07:56.957875	Stored XSS through system messages in CheckUser Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/SpecialBlock.Js. This issue affects CheckUser: from * before 1.44.1. Published: 2026-02-03T00:19:43.150Z Updated: 2026-02-03T21:06:55.920Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T402077	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-18611`	vulnerable	2026-06-03 14:39:57.437539	Details available An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API. Published: 2019-10-29T15:41:24.000Z Updated: 2024-08-05T01:54:14.553Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T234862 https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-16529`	vulnerable	2026-06-03 14:39:54.607807	Details available An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model. Published: 2020-03-19T22:51:21.000Z Updated: 2024-08-05T01:17:39.610Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T207094 https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.