136 matches found
CVE-2025-62654 Stored XSS through system messages in QuizGame
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44...
CVE-2025-62654 Stored XSS through system messages in QuizGame
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44...
CVE-2025-62654
CVE-2025-62654 is a stored XSS vulnerability in the Wikimedia Foundation MediaWiki QuizGame extension, affecting versions 1.39, 1.43, and 1.44. Root cause: improper neutralization of input during web page generation. The available documents do not specify exploitation status or a fixed version. M...
CVE-2025-62653 Stored XSS through system messages in PollNY
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44...
CVE-2025-62653 Stored XSS through system messages in PollNY
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44...
CVE-2025-62653
The CVE-2025-62653 entry describes a stored XSS vulnerability in the Wikimedia Foundation MediaWiki PollNY extension. Affected versions are 1.39, 1.43, and 1.44. Root cause: improper neutralization of input during web page generation in the PollNY extension, enabling stored cross-site scripting. ...
CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...
EUVD-2017-0722
Malware in sbrugna...
EUVD-2025-18208
Malicious code in bioql PyPI...
EUVD-2025-4101
Malicious code in bioql PyPI...
EUVD-2025-20236
Malicious code in bioql PyPI...
CVE-2025-53478
The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X befor...
CVE-2025-53478
The CVE-2025-53478 issue affects the MediaWiki CheckUser extension, specifically the Special:Investigate interface. It is a reflected XSS flaw caused by improper escaping of internationalized system messages rendered on the “IPs and User agents” tab. Affected versions include 1.39.x before 1.39.1...
MediaWiki Security Breach
MediaWiki is a set of free and freely available web-based Wiki engines from the American Wikimedia Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that stems from the vulnerability t...
HTML Injection
starcitizentools/citizen-skin is vulnerable to Arbitrary HTML injection. The vulnerability is due to system messages being inserted into the DOM as raw HTML, allowing users with editinterface rights to inject content without needing editsitejs permissions...
CVE-2025-49576
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...
CVE-2025-49576
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...
CVE-2025-49576
Summary (mode C): CVE-2025-49576 affects the Citizen MediaWiki skin (StarCitizenTools) used in Wikis that employ the Citizen skin. The vulnerability arises because the system messages citizen-search-noresults-title and citizen-search-noresults-desc are inserted into raw HTML, allowing an attacker...
CVE-2025-49576 Citizen allows stored XSS in search no result messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...
CVE-2025-49579
CVE-2025-49579 affects the Citizen MediaWiki skin. The vulnerability arises because all system messages in Menu.mustache are inserted as raw HTML, enabling stored XSS when a user with editinterface but lacking editsitejs can edit messages. Affected versions are prior to Citizen 3.3.1, with fixed ...