11 matches found

Cvelist
added 2026/02/03 1:30 a.m., 26 views

CVE-2025-67481 mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

EPSS 0.00221
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-23146

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.01029
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-28806

Malicious code in bioql PyPI...

CVSS 6.1, AI score 5.8, EPSS 0.01302
Exploits: 1, References: 8

Tenable Nessus
added 2025/08/07 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-45360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers...

CVSS 5.4, AI score 6.1, EPSS 0.00567
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-44855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image...

CVSS 5.4, AI score 5.2, EPSS 0.00562
Exploits: 1, References: 2

NVD
added 2020/12/21 11:15 p.m., 22 views

CVE-2020-35622

An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions...

CVSS 6.1, AI score 6, EPSS 0.00661
Exploits: 0, References: 2

Prion
added 2020/12/21 11:15 p.m., 15 views

Design/Logic Flaw

An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions...

CVSS 4.3, AI score 6, EPSS 0.00661
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/12/18 8:15 a.m., 1 view

DEBIAN-CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...

CVSS 6.1, AI score 6.3, EPSS 0.01353
Exploits: 1, References: 1

NVD
added 2020/01/08 2:15 a.m., 14 views

CVE-2020-6163

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template in the templates/search/PropertySuggestionsWidget.mustache+dom file...

CVSS 6.1, AI score 6.1, EPSS 0.00699
Exploits: 0, References: 2

Tenable Nessus
added 2015/12/29 12:0 a.m., 26 views

FreeBSD : mediawiki -- multiple vulnerabilities (f36bbd66-aa44-11e5-8f5c-002590263bf5)

MediaWiki reports : T117899 SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as 'http://my.wiki.com/wiki/$1' are fine, as are '/wiki/$1'. A value such as '$1' or 'wiki/$1' is not and will no...

CVSS 9.8, AI score 7.2, EPSS 0.01888
Exploits: 0, References: 16

NVD
added 2013/09/12 1:31 p.m., 15 views

CVE-2013-4308

Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject...

CVSS 4.3, AI score 5.7, EPSS 0.01285
Exploits: 0, References: 6