GCVE - cpe:2.3:a:mediawiki:visual_editor:*:*:*:*:*:mediawiki:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:visual_editor:*:*:*:*:*:mediawiki:*:*

part: a version: * update: *

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Visual Editor (`b9e98684-dc76-5c3d-8871-59ba74021e4f`)
Edition	*
Language	*
Software edition	*
Target software	mediawiki
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wikimedia/mediawiki-extensions-visualeditor`	purl2cpe	2026-06-01 10:10:57.582526

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-61656`	vulnerable	2026-06-03 15:07:56.969675	XSS when pasting into VE Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1. Published: 2026-02-03T01:02:48.955Z Updated: 2026-02-03T21:00:33.782Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T397232	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61655`	vulnerable	2026-06-03 15:07:56.968402	Stored XSS through system messages in VisualEditor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1. Published: 2026-02-03T01:04:35.944Z Updated: 2026-02-03T21:00:52.979Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T395858	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-19708`	vulnerable	2026-06-03 14:40:05.609553	Details available The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. Published: 2019-12-11T01:33:31.000Z Updated: 2024-08-05T02:25:12.405Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T239209 https://gerrit.wikimedia.org/r/q/I1f99458fd2c4f6b2460dfe7a93b330ddee4400b6	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.