CVE-2026-39934 Growth Experiments ReassignMenteesJob runs as an infinite loop

Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...

CVE-2026-22713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22713

The CVE concerns the Wikimedia Foundation MediaWiki GrowthExperiments Extension, where a Cross-Site Scripting (XSS) vulnerability arises from improper neutralization of input during web page generation, exposed through edit summaries. Affected versions are 1.39–1.45. The confirmed impact is XSS i...

CVE-2025-62661

Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension:...

CVE-2025-62661

The CVE-2025-62661 issue targets Wikimedia Foundation MediaWiki extensions (Thanks Extension and Growth Experiments Extension). The root cause is incorrect default permissions that allow access to functionality not properly constrained by ACLs. Affected products include the Thanks Extension and G...

EUVD-2025-35215

Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension:...

MediaWiki - Thanks Extension和MediaWiki - Growth Experiments Extension 安全漏洞

MediaWiki - Thanks Extension and MediaWiki - Growth Experiments Extension are both open source MediaWiki products.MediaWiki - Thanks Extension is a thanks extension.MediaWiki - Growth Experiments Extension is a web extension. A security vulnerability exists in MediaWiki - Thanks Extension and...

CVE-2025-62667

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...

Mediawiki - GrowthExperiments Extension 安全漏洞

Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A cross-site scripting vulnerability exists in Mediawiki - GrowthExperimen...

EUVD-2025-10825

Malicious code in bioql PyPI...

CVE-2025-32067 i18n XSS vulnerability in message growthexperiments

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43...

MediaWiki 输入验证错误漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki - Growth Experiments Extension versions 1.39...

PT-2023-22165 · Mediawiki +1 · Growthexperiments +1

Name of the Vulnerable Software and Affected Versions: GrowthExperiments extension for MediaWiki versions through 1.39.3 Description: An issue in the GrowthExperiments extension for MediaWiki allows the UserImpactHandler to inadvertently return the timezone preference for arbitrary users. This ca...