Mediawiki Titleicon Extension
Approved changes feed: RSS · Atom
cpe:2.3:a:wikimedia_foundation:mediawiki_-_titleicon_extension:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wikimedia Foundation (f7943c01-50f6-53ec-b645-b355c8f75e02) |
|---|---|
| Product | Mediawiki Titleicon Extension (633b91d5-de38-5fe9-9fa4-79f1a5f295a4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7363 |
vulnerable | 2026-06-03 15:12:31.017253 |
TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function
The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript.
This issue affects Mediawiki - TitleIcon extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Published: 2025-07-08T17:27:17.643Z
Updated: 2025-07-10T14:07:16.818Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.