Mediawiki Msupload Extension
Approved changes feed: RSS · Atom
cpe:2.3:a:wikimedia_foundation:mediawiki_-_msupload_extension:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wikimedia Foundation (f7943c01-50f6-53ec-b645-b355c8f75e02) |
|---|---|
| Product | Mediawiki Msupload Extension (809a1211-3555-52d6-8815-f3c111863283) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7362 |
vulnerable | 2026-06-08 07:43:18.410282 |
MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice.
This issue affects Mediawiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Published: 2025-07-08T17:22:35.364Z
Updated: 2025-07-10T13:19:38.972Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.