GCVE - cpe:2.3:a:wikimedia_foundation:mediawiki_-_uploadwizard

Approved changes feed: RSS · Atom

cpe:2.3:a:wikimedia_foundation:mediawiki_-_uploadwizard_extension:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wikimedia Foundation (`f7943c01-50f6-53ec-b645-b355c8f75e02`)
Product	Mediawiki Uploadwizard Extension (`17f01dc1-c232-5d57-a80b-744d45e260c7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-0671`	vulnerable	2026-06-03 15:14:42.533670	Multiple stored i18n/message-key XSSes in UploadWizard Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39. Published: 2026-01-08T16:21:24.207Z Updated: 2026-01-08T20:13:46.101Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T407157 https://gerrit.wikimedia.org/r/q/I16de2211594ea9a686868ad7789f9879bf981fa1	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.