642 matches found
PT-2025-27761
Name of the Vulnerable Software and Affected Versions AbuseFilter versions prior to 1.43.2 AbuseFilter version 1.44.0 Description A security issue exists in the Wikimedia Foundation AbuseFilter, specifically within the AuthManager.Php file. The vulnerability is related to program files...
PT-2025-27764
Name of the Vulnerable Software and Affected Versions Wikimedia Foundation Vector versions 1.40.0 through 1.42.6 Wikimedia Foundation Vector version 1.43.0 Wikimedia Foundation Vector version 1.43.1 Wikimedia Foundation Vector version 1.44.0 Description The software contains an Improper...
CVE-2025-23073
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension...
CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
CVE-2020-36324
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type...
CVE-2018-25065
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTagsbody.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2019-12471
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
CVE-2019-12466
Wikimedia MediaWiki through 1.32.1 allows CSRF...
BIT-MEDIAWIKI-2025-32699 Potential javascript injection attack enabled by Unicode normalization in Action API
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...
BIT-MEDIAWIKI-2025-32697 Cascading protection is not preventing file reversions
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki:...
CVE-2025-32078
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43...
CVE-2025-32077
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting XSS.This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43...
CVE-2025-32067
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43...
CVE-2025-32069
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43...
CVE-2025-32074
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43...
CVE-2025-32079
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43...
CVE-2025-32071
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting XSS from widthheight message via ImageHandler::getDimensionsStringThis issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43...
CVE-2025-32068
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43...
CVE-2025-3469
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6,...
CVE-2025-32696
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...