CVE-2025-32074
CVE-2025-32074 affects MediaWiki’s Confirm Account Extension (versions 1.39–1.43). The root cause is an improper encoding/escaping of output that enables Cross-Site Scripting (XSS). The available connected sources identify the affected range and the vulnerability class but do not provide exploit ...
CVE-2025-32075 IP and user agent leaks in Extension:Tabs
Improper Input Validation vulnerability in The Wikimedia Foundation MediaWiki - Tabs Extension allows Code Injection. This issue affects MediaWiki - Tabs Extension: from 1.39 through 1.43...
CVE-2025-32067
The CVE-2025-32067 entry concerns the Wikimedia Foundation MediaWiki Growth Experiments Extension, with an underlying issue of improper input validation that enables Cross-Site Scripting (XSS). Affected versions are 1.39 through 1.43. Public references from multiple feeds (Red Hat, NVD, CVE List,...
CVE-2025-32068 Revoking authorization of OAuth2 consumer does not invalidate refresh tokens
Incorrect Authorization vulnerability in The Wikimedia Foundation MediaWiki - OAuth Extension allows Authentication Bypass. This issue affects MediaWiki - OAuth Extension: from 1.39 through 1.43...
CVE-2025-32069 Wikitext stored XSS on filepages due to dangerous WBMI serialization
Improper Input Validation vulnerability in The Wikimedia Foundation MediaWiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki - Wikibase Media Info Extension: from 1.39 through 1.43...
CVE-2025-32069
The CVE-2025-32069 issue is an Improper Input Validation vulnerability in the Wikimedia Foundation’s MediaWiki Wikibase Media Info Extension, affecting versions 1.39 through 1.43. The root cause involves input validation flaws leading to Cross-Site Scripting (XSS). Connected sources corroborate ...
CVE-2025-32070
The CVE-2025-32070 entry concerns the MediaWiki AJAX Poll Extension, affected versions 1.39 through 1.43, with an underlying issue of improper input validation that enables Cross-Site Scripting (XSS). Multiple connected sources confirm this as the root cause and impact. Practical consequence is ...
CVE-2025-32070 XSSes in AJAXPoll
Improper Input Validation vulnerability in The Wikimedia Foundation MediaWiki - AJAX Poll Extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki - AJAX Poll Extension: from 1.39 through 1.43...
CVE-2025-32071
CVE-2025-32071 affects the Wikimedia Foundation MediaWiki Wikidata Extension (Wikibase/Wikidata). It affects MediaWiki-Wikidata Extension versions 1.39 through 1.43, where improper input validation in ImageHandler::getDimensionsString() enables Cross-Site Scripting (XSS) via the widthheight message. ...
CVE-2025-32071 Wikibase CommonsInlineImageFormatter: i18n XSS
Improper Input Validation vulnerability in The Wikimedia Foundation MediaWiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString. This issue affects MediaWiki - Wikidata Extension: from 1.39 through 1.43...
DEBIAN-CVE-2025-32700
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php,...
CVE-2025-32700
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php,...
CVE-2025-3469
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6,...
CVE-2025-32698
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...
CVE-2025-32696
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...
CVE-2025-32697
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki:...