Approved changes feed: RSS · Atom

cpe:2.3:a:wikimedia_foundation:mediawiki_-_msupload_extension:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorWikimedia Foundation (f7943c01-50f6-53ec-b645-b355c8f75e02)
ProductMediawiki Msupload Extension (809a1211-3555-52d6-8815-f3c111863283)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-7362 vulnerable 2026-06-08 07:43:18.410282 MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Published: 2025-07-08T17:22:35.364Z
Updated: 2025-07-10T13:19:38.972Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.