642 matches found

NVD
Added 2025/04/10 7:16 p.m. | 13 views

CVE-2025-32697

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki:...

EPSS 0.00323
Exploits 0 | References 3

OSV
Added 2025/04/10 7:16 p.m. | 0 views

UBUNTU-CVE-2025-32697

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki:...

AI score 5.8 | EPSS 0.00323
Exploits 0 | References 5

OSV
Added 2025/04/10 7:16 p.m. | 2 views

UBUNTU-CVE-2025-32700

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php,...

CVSS 2.3 | AI score 5.8 | EPSS 0.00322
Exploits 0 | References 3

OSV
Added 2025/04/10 7:16 p.m. | 1 views

UBUNTU-CVE-2025-32699

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...

CVSS 2.1 | AI score 5.8 | EPSS 0.00315
Exploits 0 | References 3

Snyk
Added 2025/04/10 6:49 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: wikimedia/parsoid is a bidirectional parser between wikitext and HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling of Unicode normalization in the Action API. An attacker can manipulate script processing by injecting malicious...

CVSS 6.1 | AI score 5.3 | EPSS 0.00315
Exploits 0 | References 3

CVE
Added 2025/04/10 6:31 p.m. | 65 views

CVE-2025-32700

MediaWiki CVE-2025-32700 is an information-disclosure vulnerability affecting MediaWiki 1.43.x before 1.43.1, tied to AbuseFilter and specific PHP files (includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Ph...

CVSS 2.3 | AI score 6.5 | EPSS 0.00322
Exploits 0 | References 1

Cvelist
Added 2025/04/10 6:31 p.m. | 26 views

CVE-2025-32700 AbuseFilter log interfaces expose global private and hidden filters when central DB is not available

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php,...

CVSS 2.3 | EPSS 0.00322
Exploits 0 | References 1

Vulnrichment
Added 2025/04/10 6:31 p.m. | 15 views

CVE-2025-32700 AbuseFilter log interfaces expose global private and hidden filters when central DB is not available

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php,...

CVSS 2.3 | AI score 6.5 | EPSS 0.00322
Exploits 0 | References 1

CVE
Added 2025/04/10 6:30 p.m. | 105 views

CVE-2025-32699

CVE-2025-32699 affects Wikimedia Foundation MediaWiki and Parsoid. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1; Parsoid before 0.16.5, 0.19.2, 0.20.2. Root cause: Unicode normalization enabling a potential JavaScript injection via Action API (i.e., abuse of the API to inject JS). Impacts: ...

CVSS 2.1 | AI score 6.6 | EPSS 0.00315
Exploits 0 | References 2

Debian CVE
Added 2025/04/10 6:30 p.m. | 14 views

CVE-2025-32699

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...

CVSS 2.1 | AI score 5.1 | EPSS 0.00315
Exploits 0

Vulnrichment
Added 2025/04/10 6:30 p.m. | 11 views

CVE-2025-32699 Potential javascript injection attack enabled by Unicode normalization in Action API

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...

CVSS 2.1 | AI score 6.6 | EPSS 0.00315
Exploits 0 | References 1

CVE
Added 2025/04/10 6:29 p.m. | 86 views

CVE-2025-32698

MediaWiki CVE-2025-32698 is an information-disclosure vulnerability related to LogPager.php handling. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1. Root cause: improper enforcement of suppression/restriction logic in LogPager.php that could expose data to unauthorized actors. Impact: potent...

CVSS 2.1 | AI score 6.5 | EPSS 0.00335
Exploits 0 | References 2

Debian CVE
Added 2025/04/10 6:29 p.m. | 18 views

CVE-2025-32697

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki:...

AI score 5.2 | EPSS 0.00323
Exploits 0

CVE
Added 2025/04/10 6:28 p.m. | 112 views

CVE-2025-32696

CVE-2025-32696 (MediaWiki) is an improper preservation of permissions issue tied to RevertAction and ApiFileRevert, enabling bypass of the "reupload-own" restriction. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1; root cause per Debian advisory involves bypass via reverting files. Remediatio...

AI score 6.6 | EPSS 0.00281
Exploits 0 | References 2

Debian CVE
Added 2025/04/10 6:28 p.m. | 14 views

CVE-2025-32696

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...

AI score 5.2 | EPSS 0.00281
Exploits 0

NVD
Added 2025/01/14 7:15 p.m. | 16 views

CVE-2025-23073

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension...

CVSS 3.5 | EPSS 0.00327
Exploits 0 | References 2

NVD
Added 2025/01/14 7:15 p.m. | 14 views

CVE-2025-23074

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse. This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...

CVSS 2.4 | EPSS 0.00334
Exploits 0 | References 2

NVD
Added 2025/01/14 7:15 p.m. | 15 views

CVE-2025-23072

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X...

CVSS 5.4 | EPSS 0.00298
Exploits 0 | References 2

Cvelist
Added 2025/01/14 6:45 p.m. | 18 views

CVE-2025-23073 API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension...

EPSS 0.00327
Exploits 0 | References 2

Vulnrichment
Added 2025/01/14 6:29 p.m. | 3 views

CVE-2025-23072 XSS in Special:RefreshSpecial

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X...

AI score 6.2 | EPSS 0.00298
Exploits 0 | References 2