GCVE - cpe:2.3:a:wikimedia_foundation:checkuser:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wikimedia_foundation:checkuser:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wikimedia Foundation (`f7943c01-50f6-53ec-b645-b355c8f75e02`)
Product	Checkuser (`9d06f1fd-ae11-5fe6-8d90-0b15448d62be`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-34090`	vulnerable	2026-06-03 15:22:09.002588	Suggested investigations: Handle suppressed usernames Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2. Published: 2026-05-11T14:50:50.318Z Updated: 2026-05-11T15:51:32.487Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T411366	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67478`	vulnerable	2026-06-03 15:11:01.603806	Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1. Published: 2026-02-03T01:14:17.814Z Updated: 2026-03-02T17:43:34.432Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T385403	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61658`	vulnerable	2026-06-03 15:07:56.972574	Special:GlobalContributions shows edits on wikis the viewer doesn't have access to Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php. This issue affects CheckUser: from * before 1.43.4, 1.44.1. Published: 2026-02-03T00:59:30.322Z Updated: 2026-03-03T15:45:22.658Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T404805	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61651`	vulnerable	2026-06-03 15:07:56.958909	i18n XSS through Special:CheckUser CheckUser helper Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from * before 1.44.1. Published: 2026-02-03T00:53:14.630Z Updated: 2026-02-03T21:08:33.097Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T403408	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61650`	vulnerable	2026-06-03 15:07:56.958604	UserInfoCard is vulnerable to message key stored XSS Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from * before 795bf333272206a0189050d975e94b70eb7dc507. Published: 2026-02-03T00:15:24.056Z Updated: 2026-02-03T21:06:17.624Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T403289	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61649`	vulnerable	2026-06-03 15:07:56.958248	UserInfoCard: Check that performing user has permission to view log entries for number of past blocks Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309. Published: 2026-02-03T00:17:18.105Z Updated: 2026-03-03T15:46:41.380Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T397396	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61648`	vulnerable	2026-06-03 15:07:56.956684	Stored XSS through system messages in CheckUser Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/SpecialBlock.Js. This issue affects CheckUser: from * before 1.44.1. Published: 2026-02-03T00:19:43.150Z Updated: 2026-02-03T21:06:55.920Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T402077	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61647`	vulnerable	2026-06-03 15:07:56.956176	UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4. Published: 2026-02-03T00:02:04.402Z Updated: 2026-03-03T15:41:15.912Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T399093	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.