CVE-2025-67481

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

Wikimedia MediaWiki 安全漏洞

Wikimedia MediaWiki is a web application developed by the Wikimedia Foundation for building Wiki websites. Versions of MediaWiki prior to 1.39.16, 1.43.6, 1.44.3, and 1.45.1 contained security vulnerabilities due to improper handling of inputs in the...

EUVD-2022-4110

Malicious code in bioql PyPI...

MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded,...

Cross-Site Scripting (XSS)

MediaWiki is vulnerable to cross-site scripting. The non-jqueryMsg version of mw.message.parse doesn't escape HTML...

UBUNTU-CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

Non-jqueryMsg version of mw.message(…).parse() doesn't escape HTML

More info at https://phabricator.wikimedia.org/T115888...