CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0671

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0670

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

MediaWiki - GrowthExperiments Extension 安全漏洞

MediaWiki - GrowthExperiments Extension is an open source plugin for MediaWiki. A security vulnerability exists in MediaWiki - GrowthExperiments Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

MediaWiki - CampaignEvents 安全漏洞

MediaWiki - CampaignEvents is an open source community events plugin for MediaWiki. A security vulnerability exists in MediaWiki - CampaignEvents versions 1.45, 1.44, 1.43, and 1.39, which stems from a lack of authorization and could lead to privilege abuse...

Mediawiki - Wikibase Extension 安全漏洞

Mediawiki - Wikibase Extension is an open source database extension for Mediawiki. A security vulnerability exists in Mediawiki - Wikibase Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

CVE-2026-22714 i18n XSS, DoS and config SQLI in Monaco

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

The CVE-2026-22710 issue affects Mediawiki - Wikibase Extension versions 1.39 through 1.45. It stems from improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS) through autocomment system messages. Impact is XSS with potential script injection, as describ...

MediaWiki - UploadWizard Extension 安全漏洞

MediaWiki - UploadWizard Extension is an open source file upload plugin for MediaWiki. A security vulnerability exists in MediaWiki - UploadWizard Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

CVE-2026-0670

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0669

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2026-0669 Path Traversal vulnerability in CSS extension on certain web servers

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

MediaWiki - CSS extension 安全漏洞

MediaWiki - CSS extension is an open source CSS extension plugin for MediaWiki. A security vulnerability exists in MediaWiki - CSS extension versions 1.44, 1.43, and 1.39, which stems from an improperly restricted pathname and can lead to path traversal...

CVE-2025-62694

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39...

CVE-2025-62697

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

CVE-2025-62700

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS.This issue affects Mediawiki - MultiBoilerplate Extensionmaste: from master before 1.39...