Lucene search
+L

136 matches found

cvelist
cvelist
added 2025/10/17 10:38 p.m.12 views

CVE-2025-62654 Stored XSS through system messages in QuizGame

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44...

2CVSS0.00287EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/10/17 10:38 p.m.2 views

CVE-2025-62654 Stored XSS through system messages in QuizGame

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44...

2CVSS5.7AI score0.00287EPSS
Exploits0References1
cve
cve
added 2025/10/17 10:38 p.m.11 views

CVE-2025-62654

CVE-2025-62654 is a stored XSS vulnerability in the Wikimedia Foundation MediaWiki QuizGame extension, affecting versions 1.39, 1.43, and 1.44. Root cause: improper neutralization of input during web page generation. The available documents do not specify exploitation status or a fixed version. M...

2CVSS5.7AI score0.00287EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/10/17 10:23 p.m.3 views

CVE-2025-62653 Stored XSS through system messages in PollNY

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44...

2CVSS5.7AI score0.00287EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/17 10:23 p.m.12 views

CVE-2025-62653 Stored XSS through system messages in PollNY

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44...

2CVSS0.00287EPSS
Exploits0References1
cve
cve
added 2025/10/17 10:23 p.m.13 views

CVE-2025-62653

The CVE-2025-62653 entry describes a stored XSS vulnerability in the Wikimedia Foundation MediaWiki PollNY extension. Affected versions are 1.39, 1.43, and 1.44. Root cause: improper neutralization of input during web page generation in the PollNY extension, enabling stored cross-site scripting. ...

2CVSS5.7AI score0.00287EPSS
Exploits0References1
osv
osv
added 2025/10/17 8:29 p.m.6 views

CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...

6.5CVSS6.6AI score0.00418EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-0722

Malware in sbrugna...

5.3CVSS6.8AI score0.01525EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18208

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.0035EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-4101

Malicious code in bioql PyPI...

4.7CVSS6.5AI score0.00356EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-20236

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.0017EPSS
Exploits0References2
nvd
nvd
added 2025/07/07 7:15 p.m.6 views

CVE-2025-53478

The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X befor...

5.4CVSS0.0017EPSS
Exploits0References2
cve
cve
added 2025/07/07 6:16 p.m.25 views

CVE-2025-53478

The CVE-2025-53478 issue affects the MediaWiki CheckUser extension, specifically the Special:Investigate interface. It is a reflected XSS flaw caused by improper escaping of internationalized system messages rendered on the “IPs and User agents” tab. Affected versions include 1.39.x before 1.39.1...

5.4CVSS5.9AI score0.0017EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/07/04 12:0 a.m.7 views

MediaWiki Security Breach

MediaWiki is a set of free and freely available web-based Wiki engines from the American Wikimedia Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that stems from the vulnerability t...

4.7CVSS5.6AI score0.0027EPSS
Exploits0References2
veracode
veracode
added 2025/06/17 6:18 a.m.6 views

HTML Injection

starcitizentools/citizen-skin is vulnerable to Arbitrary HTML injection. The vulnerability is due to system messages being inserted into the DOM as raw HTML, allowing users with editinterface rights to inject content without needing editsitejs permissions...

6.5CVSS6.6AI score0.0035EPSS
Exploits1References6Affected Software1
redhatcve
redhatcve
added 2025/06/14 7:21 p.m.2 views

CVE-2025-49576

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...

6.5CVSS7AI score0.0035EPSS
Exploits1References1
nvd
nvd
added 2025/06/12 7:15 p.m.10 views

CVE-2025-49576

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...

6.5CVSS0.0035EPSS
Exploits1References3
cve
cve
added 2025/06/12 6:50 p.m.48 views

CVE-2025-49576

Summary (mode C): CVE-2025-49576 affects the Citizen MediaWiki skin (StarCitizenTools) used in Wikis that employ the Citizen skin. The vulnerability arises because the system messages citizen-search-noresults-title and citizen-search-noresults-desc are inserted into raw HTML, allowing an attacker...

6.5CVSS6.3AI score0.0035EPSS
Exploits1References3Affected Software1
osv
osv
added 2025/06/12 6:50 p.m.6 views

CVE-2025-49576 Citizen allows stored XSS in search no result messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...

6.5CVSS6.5AI score0.0035EPSS
Exploits1References5
cve
cve
added 2025/06/12 6:50 p.m.49 views

CVE-2025-49579

CVE-2025-49579 affects the Citizen MediaWiki skin. The vulnerability arises because all system messages in Menu.mustache are inserted as raw HTML, enabling stored XSS when a user with editinterface but lacking editsitejs can edit messages. Affected versions are prior to Citizen 3.3.1, with fixed ...

6.5CVSS6.3AI score0.00345EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder