Mediawiki Securepoll Extension
Approved changes feed: RSS · Atom
cpe:2.3:a:wikimedia_foundation:mediawiki_-_securepoll_extension:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wikimedia Foundation (f7943c01-50f6-53ec-b645-b355c8f75e02) |
|---|---|
| Product | Mediawiki Securepoll Extension (e5b31afd-681c-5477-b68e-0d7c3628c03e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-53485 |
vulnerable | 2026-06-03 15:03:54.144096 |
SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Published: 2025-07-04T17:39:36.272Z
Updated: 2025-07-08T17:38:04.023Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53484 |
vulnerable | 2026-06-03 15:03:54.143814 |
SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input
User-controlled inputs are improperly escaped in:
*
VotePage.php (poll option input)
*
ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)
This allows attackers to inject JavaScript and compromise user sessions under certain conditions.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Published: 2025-07-04T17:34:24.470Z
Updated: 2025-07-08T17:38:09.511Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53483 |
vulnerable | 2026-06-03 15:03:54.143457 |
SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Published: 2025-07-04T17:28:40.374Z
Updated: 2025-07-08T17:38:14.909Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.