
51 matches found

Cvelist
added 2026/02/03 1:12 a.m., 23 views

CVE-2025-67479 Magic word replacement in legacy parser allows using reserved data attributes through wikitext

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1; Cite: from before 1.39.14,...

0.00012 EPSS
Exploits 0, References 1
CVE
added 2026/02/03 1:12 a.m., 10 views

CVE-2025-67479

CVE-2025-67479 is a MediaWiki vulnerability (Cite context) involving magic word replacement in the legacy parser that allows using reserved data attributes via wikitext. Affected are MediaWiki releases before 1.39.14, 1.43.4, and 1.44.1; Cite module is also listed as affected. Debian LTS advisory...

5.2 AI score, 0.00012 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/02/03 1:12 a.m., 3 views

CVE-2025-67479 Magic word replacement in legacy parser allows using reserved data attributes through wikitext

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1; Cite: from before 1.39.14,...

5.3 AI score, 0.00012 EPSS
Exploits 0, References 1
Cvelist
added 2026/02/02 11:3 p.m., 27 views

CVE-2025-6590 Complete content leak of private wikis due to PasswordReset Wikitext injection in error message

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from through 1.39.12, 1.42.76 1.43.1, 1.44.0...

4.6 CVSS, 0.00014 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/02/02 11:3 p.m., 3 views

CVE-2025-6590 Complete content leak of private wikis due to PasswordReset Wikitext injection in error message

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from through 1.39.12, 1.42.76 1.43.1, 1.44.0...

4.6 CVSS, 5.4 AI score, 0.00014 EPSS
Exploits 0, References 1
CVE
added 2026/02/02 11:3 p.m., 19 views

CVE-2025-6590

CVE-2025-6590 concerns MediaWiki. The vulnerability allows an unauthorized actor to disclose sensitive information via the program file includes/htmlform/fields/HTMLUserTextField.Php, affecting MediaWiki versions from any up to 1.39.12, 1.42.76, 1.43.1, and 1.44.0. The Red Hat description confirm...

4.6 CVSS, 5.3 AI score, 0.00014 EPSS
Exploits 0, References 1
Veracode
added 2025/11/06 5:33 p.m., 3 views

Cross-site Scripting (XSS)

starcitizenwiki/embedvideo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper restriction of HTML attributes in the video embedding functionality, which allows an attacker to inject and execute arbitrary web scripts through crafted wikitext...

8.6 CVSS, 6.8 AI score, 0.0004 EPSS
Exploits 1, References 6, Affected Software 1
Cvelist
added 2025/10/18 4:24 a.m., 4 views

CVE-2025-62671 Stored XSS through wikitext in Cargo

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: master...

6.9 CVSS, 0.00056 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-4810

Malware in sbrugna...

5 CVSS, 6.2 AI score, 0.01182 EPSS
Exploits 0, References 9
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-2633

Malicious code in bioql PyPI...

6.1 CVSS, 6.3 AI score, 0.0037 EPSS
Exploits 0, References 7
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-31038

Malicious code in bioql PyPI...

8.6 CVSS, 6.4 AI score, 0.0004 EPSS
Exploits 1, References 6
RedhatCVE
added 2025/09/26 2:48 p.m., 1 views

CVE-2025-59839

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for...

8.6 CVSS, 6.2 AI score, 0.0004 EPSS
Exploits 1, References 1
NVD
added 2025/09/25 2:15 p.m., 3 views

CVE-2025-59839

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for...

8.6 CVSS, 0.0004 EPSS
Exploits 1, References 4
Cvelist
added 2025/09/25 1:56 p.m., 4 views

CVE-2025-59839 Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for...

8.6 CVSS, 0.0004 EPSS
Exploits 1, References 4
OSV
added 2025/09/25 1:56 p.m., 1 views

CVE-2025-59839 Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for...

8.6 CVSS, 6 AI score, 0.0004 EPSS
Exploits 1, References 6
Vulnrichment
added 2025/09/25 1:56 p.m., 1 views

CVE-2025-59839 Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for...

8.6 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits 1, References 4
Snyk
added 2025/09/24 8:11 p.m., 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the data-iframeconfig attribute. An attacker can execute arbitrary JavaScript in the context of the affected site by injecting malicious attributes such as onload or onmouseenter through wikitext. Details...

8.6 CVSS, 5.5 AI score, 0.0004 EPSS
Exploits 1, References 2
OSV
added 2025/09/24 8:11 p.m., 1 views

GHSA-4J5H-MVJ3-M48V Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

Summary The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. Details The attributes of an iframe are populated with the value of an unreserved data attribute data-iframeconfig that can be set via wikitext:...

8.6 CVSS, 6.6 AI score, 0.0004 EPSS
Exploits 1, References 6
Github Security Blog
added 2025/09/24 8:11 p.m., 3 views

Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

Summary The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. Details The attributes of an iframe are populated with the value of an unreserved data attribute data-iframeconfig that can be set via wikitext:...

8.6 CVSS, 6.6 AI score, 0.0004 EPSS
Exploits 1, References 6, Affected Software 1
OSV
added 2025/06/27 8:50 p.m., 2 views

GHSA-JFJ7-249R-7J2M TabberNeue vulnerable to Stored XSS through wikitext

Summary Arbitrary HTML can be inserted into the DOM by inserting a payload into any allowed attribute of the tag. Details The args provided within the wikitext as attributes to the tag are passed to the TabberComponentTabs class:...

8.6 CVSS, 6 AI score, 0.00488 EPSS
Exploits 0, References 8