37 matches found
CVE-2026-39934
Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...
CVE-2026-39934
Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...
CVE-2026-39934
The CVE-2026-39934 entry describes an infinite loop (unreachable exit condition) vulnerability in the Wikimedia Foundation’s MediaWiki GrowthExperiments Extension. Affected versions are 1.45.2, 1.44.4, and 1.43.7. The issue is described as a Time-of-Check and Time-of-Use (TOCTOU) race condition c...
PT-2026-31043
Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions.This issue affects Mediawiki - GrowthExperiments Extension: 1.45.2, 1.44.4, 1.43.7...
CVE-2023-29137
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...
CVE-2026-22713
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-22713 Stored XSS through edit summaries in GrowthExperiments
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-22713 Stored XSS through edit summaries in GrowthExperiments
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39...
MediaWiki - GrowthExperiments Extension 安全漏洞
MediaWiki - GrowthExperiments Extension is an open source plugin for MediaWiki. A security vulnerability exists in MediaWiki - GrowthExperiments Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...
PT-2026-2258
Name of the Vulnerable Software and Affected Versions Mediawiki - GrowthExperiments Extension versions 1.39 through 1.45 Description The Wikimedia Foundation Mediawiki - GrowthExperiments Extension is susceptible to a Cross-Site Scripting XSS issue due to improper neutralization of input during w...
Mediawiki - GrowthExperiments Extension Cross-Site Scripting Vulnerability
Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A cross-site scripting vulnerability exists in Mediawiki - GrowthExperimen...
CVE-2025-62667
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...
CVE-2025-62668
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...
EUVD-2025-34955
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...
EUVD-2025-34956
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...
CVE-2025-62668
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...
CVE-2025-62667 Stored XSS through article extracts in GrowthExperiments
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...
CVE-2025-62667 Stored XSS through article extracts in GrowthExperiments
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...
CVE-2025-62667
CVE-2025-62667 is a stored XSS vulnerability in the MediaWiki GrowthExperiments Extension. The issue arises from improper neutralization of user-supplied input during web page generation, allowing injected scripts/HTML via the extension’s handling of article extracts. Affected component: GrowthEx...
CVE-2025-62668 Insufficient permission checks in action=growthsetmentor
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...