CVE-2025-6595

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

CVE-2025-6595

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

CVE-2025-6595

CVE-2025-6595 is a Wikimedia Foundation MultimediaViewer vulnerability described as an XSS issue arising from improper neutralization of input during web page generation. Affected versions include MultimediaViewer before 1.39.13, 1.42.7, 1.43.2, and 1.44.0. The core impact is Stored XSS through s...

CVE-2025-6596

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...

Wikimedia Vector 安全漏洞

Wikimedia Vector is a desktop interface interface of the Wikimedia Foundation. There is a security vulnerability in Wikimedia Vector, which stems from improper input during web page generation, potentially leading to cross-site scripting attacks. The following versions are affected: versions 1.40...

Wikimedia AbuseFilter 安全漏洞

Wikimedia AbuseFilter is an editing filter tool developed by the Wikimedia Foundation. It is designed to automatically filter and block suspicious edits, account creation, and other disruptive activities based on custom rules. There is a security vulnerability in Wikimedia AbuseFilter, which stem...

CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2019-12473

Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVE-2019-12468

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover...

CVE-2019-12474

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVE-2019-12470

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVE-2019-12472

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVE-2025-62659

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting XSS.This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...

CVE-2025-52738

The CVE-2025-52738 entry covers a Missing Authorization vulnerability in the Wikimedia Foundation Wikipedia Preview WordPress plugin. Affected product: WordPress Wikipedia Preview plugin up to version 1.15.0. Root cause: incorrectly configured access control security levels leading to Broken Acce...

CVE-2025-62701

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS.This issue affects Mediawiki - Wikistories: from master before 1.44...

PT-2025-43230

Name of the Vulnerable Software and Affected Versions Wikimedia Foundation Wikipedia Preview versions through 1.15.0 Description An authorization issue exists in Wikimedia Foundation Wikipedia Preview. The issue involves incorrectly configured access control security levels, potentially allowing...

CVE-2025-62661

Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension:...

EUVD-2025-35215

Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension:...

UBUNTU-CVE-2025-62702

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS.This issue affects Mediawiki - PageTriage Extension: from master before 1.44...