4 matches found
CVE-2025-7363
The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the titleiconunicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript...
CVE-2025-7363
creationtimestamp| type| source ---|---|--- 2025-07-10 14:18:58+00:00| seen| Telegram/Oe0qoM8hEMHoP1XQ7W6-oqiMP31ASNvAnpa3YbmrnDuYpio...
CVE-2025-7363
The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the titleiconunicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript...
CVE-2025-7363
The CVE-2025-7363 entry concerns the MediaWiki TitleIcon extension. Affected versions include 1.39.X before 1.39.13, 1.42.X before 1.42.7, and 1.43.X before 1.43.2. The root cause is un-sanitized input passed to the #titleicon_unicode parser function, wrapped in an HtmlArmor object and rendered i...