4 matches found
CVE-2025-53480 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages
The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders...
CVE-2025-53480 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages
The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders...
MediaWiki Security Breach
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.42.1, which stems from a...
PT-2024-28932 · Mediawiki · Mediawiki Checkuser Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.42.1 Description: The Special:Investigate feature can expose suppressed information for log events due to the TimelineService not supporting proper suppression. Recommendations: For versions...