cpe:2.3:a:wikimedia_foundation:mediawiki:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wikimedia Foundation (f7943c01-50f6-53ec-b645-b355c8f75e02) |
|---|---|
| Product | Mediawiki (4814854a-3f8d-5609-ad81-927bc58f94a2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-34095 | vulnerable | 2026-06-03 15:22:09.006023 | action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request<br>Vulnerability in Wikimedia Foundation MediaWiki.<br>This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php.<br>This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.<br>Published: 2026-05-11T16:53:25.421Z<br>Updated: 2026-05-11T18:04:03.036Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-34094 | vulnerable | 2026-06-03 15:22:09.005508 | Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix<br>Vulnerability in Wikimedia Foundation MediaWiki.<br>This vulnerability is associated with program files includes/Page/Article.Php.<br>This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.<br>Published: 2026-05-11T16:50:46.673Z<br>Updated: 2026-05-11T18:06:58.192Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-34093 | vulnerable | 2026-06-03 15:22:09.005026 | Special:UserRights allows viewing user rights from private wiki<br>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.<br>This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php.<br>This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.<br>Published: 2026-05-11T16:48:19.486Z<br>Updated: 2026-05-11T18:15:08.684Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-34092 | vulnerable | 2026-06-03 15:22:09.004507 | Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP<br>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.<br>This vulnerability is associated with program files includes/Skin/Skin.Php.<br>This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.<br>Published: 2026-05-11T15:00:29.819Z<br>Updated: 2026-05-11T15:50:58.247Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-34091 | vulnerable | 2026-06-03 15:22:09.004068 | User localization leaked by AbuseFilter + EventStream<br>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.<br>This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.<br>Published: 2026-05-11T14:55:33.419Z<br>Updated: 2026-05-11T16:03:07.320Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-34088 | vulnerable | 2026-06-03 15:22:08.998205 | RecentChanges entries expose suppressed content via generated log page html<br>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.<br>This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.<br>Published: 2026-05-11T14:43:44.882Z<br>Updated: 2026-05-11T16:03:31.132Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-6927 | vulnerable | 2026-06-03 15:12:29.338373 | Autoblocks from global account suppressions are publicly visible<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php.<br>This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.<br>Published: 2026-02-02T22:55:09.395Z<br>Updated: 2026-03-03T15:38:16.920Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-6597 | vulnerable | 2026-06-03 15:12:28.145284 | MediaWiki should not consider autocreation as login for the purposes of security reauthentication<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php.<br>This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.<br>Published: 2026-02-02T22:57:30.161Z<br>Updated: 2026-03-03T15:39:51.521Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-6594 | vulnerable | 2026-06-03 15:12:28.133626 | XSS in Special:ApiSandbox<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js.<br>This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.<br>Published: 2026-02-02T23:00:57.791Z<br>Updated: 2026-02-03T20:02:11.156Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-6593 | vulnerable | 2026-06-03 15:12:28.133325 | "{{SITENAME}} registered email address has been changed" email sent to unverified email addresses<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php.<br>This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.<br>Published: 2026-02-02T23:01:28.857Z<br>Updated: 2026-02-04T14:45:35.068Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-6591 | vulnerable | 2026-06-03 15:12:28.129786 | HTML injection in API action=feedcontributions output from i18n message<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php.<br>This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.<br>Published: 2026-02-02T23:02:33.728Z<br>Updated: 2026-02-28T02:52:57.390Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-6590 | vulnerable | 2026-06-03 15:12:28.129391 | Complete content leak of private wikis due to PasswordReset Wikitext injection in error message<br>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php.<br>This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.<br>Published: 2026-02-02T23:03:07.979Z<br>Updated: 2026-02-03T21:11:40.284Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-6589 | vulnerable | 2026-06-03 15:12:28.128952 | With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php.<br>This issue affects MediaWiki: >= 1.42.0.<br>Published: 2026-02-02T23:03:45.939Z<br>Updated: 2026-03-03T15:37:40.261Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-67484 | vulnerable | 2026-06-03 15:11:01.618264 | Action API xslt option allows JavaScript execution by administrators who are not interface administrators<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php.<br>This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.<br>Published: 2026-02-03T01:24:56.405Z<br>Updated: 2026-03-03T15:51:26.691Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-67483 | vulnerable | 2026-06-03 15:11:01.617790 | Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js.<br>This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1.<br>Published: 2026-02-03T01:26:27.931Z<br>Updated: 2026-02-03T21:02:32.581Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-67481 | vulnerable | 2026-06-03 15:11:01.610440 | mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js.<br>This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.<br>Published: 2026-02-03T01:30:39.642Z<br>Updated: 2026-02-03T15:31:43.813Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-67480 | vulnerable | 2026-06-03 15:11:01.609816 | list=allrevisions can be used to bypass Extension:Lockdown<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php.<br>This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.<br>Published: 2026-02-03T01:23:01.717Z<br>Updated: 2026-03-03T15:50:19.557Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-67479 | vulnerable | 2026-06-03 15:11:01.606612 | Magic word replacement in legacy parser allows using reserved data attributes through wikitext<br>Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-03T01:12:21.567Z<br>Updated: 2026-03-02T17:42:31.216Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-67477 | vulnerable | 2026-06-03 15:11:01.600979 | Stored XSS through a system message in Special:ApiSandbox<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.<br>This issue affects MediaWiki: from * before 1.44.3, 1.45.1.<br>Published: 2026-02-03T01:16:40.616Z<br>Updated: 2026-02-03T15:32:21.011Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-67476 | vulnerable | 2026-06-03 15:11:01.600501 | Importing leaks IP address of importer via EventStreams<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php.<br>This issue affects MediaWiki: from * before 1.44.3, 1.45.1.<br>Published: 2026-02-03T01:18:55.104Z<br>Updated: 2026-03-02T17:45:36.993Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-67475 | vulnerable | 2026-06-03 15:11:01.597659 | Stored XSS through edit summaries in MW Core<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php.<br>This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.<br>Published: 2026-02-03T01:21:09.480Z<br>Updated: 2026-02-03T15:32:07.211Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61646 | vulnerable | 2026-06-03 15:07:56.952345 | Watchlist group mode reveals authors of edits with hidden authorship<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-03T00:11:28.576Z<br>Updated: 2026-03-03T15:42:05.107Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61645 | vulnerable | 2026-06-03 15:07:56.952038 | CodexTablePager has i18n XSS<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php.<br>This issue affects MediaWiki: from * before 1.44.1.<br>Published: 2026-02-03T00:13:23.359Z<br>Updated: 2026-02-03T21:05:06.109Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61644 | vulnerable | 2026-06-03 15:07:56.951760 | i18n XSS through Special:Watchlist<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js.<br>This issue affects MediaWiki: from * before > fb856ce9cf121e046305116852cca4899ecb48ca.<br>Published: 2026-02-02T23:57:17.522Z<br>Updated: 2026-02-03T21:03:59.441Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61643 | vulnerable | 2026-06-03 15:07:56.951350 | EventStreams publishes suppressed recent change entries that are suppressed from their creation<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-02T23:33:50.429Z<br>Updated: 2026-02-03T21:15:48.802Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61642 | vulnerable | 2026-06-03 15:07:56.950744 | Stored XSS through system messages provided to CodexHtmlForms<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-02T23:36:42.550Z<br>Updated: 2026-02-03T21:16:42.867Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61641 | vulnerable | 2026-06-03 15:07:56.948530 | API list=allpages with maxsize is making really slow queries<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-02T23:39:38.847Z<br>Updated: 2026-03-03T15:43:22.749Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61640 | vulnerable | 2026-06-03 15:07:56.948211 | Stored XSS through system messages in Special:RecentChangesLinked (MW Core)<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-02T23:42:03.791Z<br>Updated: 2026-02-03T21:09:52.646Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61639 | vulnerable | 2026-06-03 15:07:56.947847 | Suppressed blocked IP is visible in Special:BlockList, RC, and other places<br>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-02T23:48:02.939Z<br>Updated: 2026-02-03T21:10:13.392Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61638 | vulnerable | 2026-06-03 15:07:56.944247 | Sanitizer::validateAttributes data-XSS<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.<br>Published: 2026-02-02T23:52:10.457Z<br>Updated: 2026-02-03T21:10:33.348Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61637 | vulnerable | 2026-06-03 15:07:56.943807 | Stored XSS through system messages in MW Core<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-02T23:54:04.225Z<br>Updated: 2026-02-03T21:10:49.797Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61636 | vulnerable | 2026-06-03 15:07:56.943344 | Codex Special:Block vulnerable to message key XSS<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-02T23:23:27.050Z<br>Updated: 2026-02-03T21:13:13.672Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-61634 | vulnerable | 2026-06-03 15:07:56.936135 | HTML rest endpoint needs PoolCounter and proper parser cache check<br>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php.<br>This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.<br>Published: 2026-02-02T23:28:53.841Z<br>Updated: 2026-02-03T21:15:20.700Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-3469 | vulnerable | 2026-06-03 15:01:04.495673 | i18n XSS vulnerability in HTMLMultiSelectField when sections are used<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php.<br>This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.<br>Published: 2025-04-10T18:28:13.370Z<br>Updated: 2025-11-03T19:53:59.985Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-32700 | vulnerable | 2026-06-03 15:00:41.686818 | AbuseFilter log interfaces expose global private and hidden filters when central DB is not available<br>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php.<br>This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1.<br>Published: 2025-04-10T18:31:03.497Z<br>Updated: 2025-04-10T18:49:53.510Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-32699 | vulnerable | 2026-06-03 15:00:41.683149 | Potential javascript injection attack enabled by Unicode normalization in Action API<br>Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.<br>Published: 2025-04-10T18:30:24.238Z<br>Updated: 2025-11-03T19:53:36.439Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-32698 | vulnerable | 2026-06-03 15:00:41.682757 | LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions<br>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php.<br>This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.<br>Published: 2025-04-10T18:29:52.354Z<br>Updated: 2025-11-03T19:53:35.072Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-32697 | vulnerable | 2026-06-03 15:00:41.682440 | Cascading protection is not preventing file reversions<br>Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php.<br>This issue affects MediaWiki: before 1.42.6, 1.43.1.<br>Published: 2025-04-10T18:29:17.482Z<br>Updated: 2025-04-10T19:05:48.098Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-32696 | vulnerable | 2026-06-03 15:00:41.682060 | "reupload-own" restriction can be bypassed by reverting file<br>Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php.<br>This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.<br>Published: 2025-04-10T18:28:48.161Z<br>Updated: 2025-11-03T19:53:33.707Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-11261 | vulnerable | 2026-06-03 14:58:35.833366 | Stored i18n XSS exposed by security patch for T402077<br>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js.<br>This issue affects MediaWiki: from * before 1.39.15, 1.43.5, 1.44.2.<br>Published: 2026-02-03T00:25:00.761Z<br>Updated: 2026-02-03T21:07:11.411Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-6455 | vulnerable | 2026-06-03 14:33:26.440286 | The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.<br>Published: 2020-01-28T14:54:22.000Z<br>Updated: 2024-08-06T17:39:01.461Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-6451 | vulnerable | 2026-06-03 14:33:26.437946 | Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.<br>Published: 2020-01-28T14:56:22.000Z<br>Updated: 2024-08-06T17:39:01.483Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-4572 | vulnerable | 2026-06-03 14:33:18.120485 | The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.<br>Published: 2020-02-06T14:40:13.000Z<br>Updated: 2024-08-06T16:45:15.240Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-4303 | vulnerable | 2026-06-03 14:33:10.982868 | includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.<br>Published: 2019-12-11T18:30:37.000Z<br>Updated: 2024-08-06T16:38:01.957Z | Imported from gcve-enriched-dumps CVE data |