110 matches found
CVE-2026-39933
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS. The issue has been remediated on the master branch, and in the release branches for MediaWiki version...
CVE-2026-39937
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....
CVE-2026-22711
Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45...
CVE-2025-6596
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...
CVE-2025-6927 Autoblocks from global account suppressions are publicly visible
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-11175
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...
UBUNTU-CVE-2025-11175
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...
CVE-2025-11175 DiscussionTools should use better regex
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...
CVE-2025-11175
CVE-2025-11175 concerns the MediaWiki DiscussionTools extension (version 1.44 and 1.43 affected) and is caused by improper neutralization of certain expression language elements, enabling a Regular Expression exponential blowup. Public entries from NVD, Debian security tracker, and related OSV en...
CVE-2025-11175
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...
EUVD-2025-206571
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...
MediaWiki - DiscussionTools Extension security vulnerabilities
MediaWiki - DiscussionTools Extension is an open-source discussion page plugin for MediaWiki. The versions 1.44 and 1.43 of the MediaWiki - DiscussionTools Extension contain security vulnerabilities. These vulnerabilities stem from improper handling of special elements within expressions language...
CVE-2026-0817
Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-22710
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-22714
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...
CVE-2026-0671
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-0817
Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-0817
Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-22714
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...
CVE-2026-22710
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...