CVE-2025-61649 UserInfoCard: Check that performing user has permission to view log entries for number of past blocks

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...

CVE-2025-61650 UserInfoCard is vulnerable to message key stored XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from before...

CVE-2025-61650 UserInfoCard is vulnerable to message key stored XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from before...

CVE-2025-61650

CVE-2025-61650 is an XSS vulnerability in Wikimedia Foundation CheckUser. Affected component: CheckUserUserInfoCardService.Php (file path: src/Services/CheckUserUserInfoCardService.Php). The issue arises in web page generation due to improper input neutralization. Affected scope: CheckUser before...

CVE-2025-61647 UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4...