CVE-2026-22711

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45...

CVE-2026-39838

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the master branch, and in the release branches for MediaWiki...

CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2025-11175

CVE-2025-11175 concerns the MediaWiki DiscussionTools extension (version 1.44 and 1.43 affected) and is caused by improper neutralization of certain expression language elements, enabling a Regular Expression exponential blowup. Public entries from NVD, Debian security tracker, and related OSV en...

CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0669 Path Traversal vulnerability in CSS extension on certain web servers

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2025-62658

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44...

UBUNTU-CVE-2025-62658

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44...

CVE-2025-62655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44...

CVE-2025-62654

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44...

CVE-2025-62655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44...

CVE-2025-62655 SQL injection in Cargo via Special:CargoExport

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44...

CVE-2025-62653 Stored XSS through system messages in PollNY

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44...

CVE-2025-62653

The CVE-2025-62653 entry describes a stored XSS vulnerability in the Wikimedia Foundation MediaWiki PollNY extension. Affected versions are 1.39, 1.43, and 1.44. Root cause: improper neutralization of input during web page generation in the PollNY extension, enabling stored cross-site scripting. ...

CVE-2025-62652 Stored XSS in WebAuthn key name

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44...

Wikimedia Mediawiki CampaignEvents Extension 安全漏洞

Wikimedia Mediawiki CampaignEvents Extension is a Wikimedia Foundation extension for wiki projects. A security vulnerability exists in Wikimedia Mediawiki CampaignEvents Extension 1.43.2 prior to version 1.43.x. The vulnerability stems from improper input neutralization and could lead to cross-si...

Wikimedia Mediawiki - MintyDocs Extension 安全漏洞

Wikimedia Mediawiki - MintyDocs Extension is a document creation and management extension from the Wikimedia Foundation. A security vulnerability exists in Wikimedia Mediawiki - MintyDocs Extension that stems from improper input neutralization and could lead to a stored cross-site scripting attac...