51 matches found
CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
U.S. Dept Of Defense: Cross-Site Scripting via 'wikitext' parameter
A Cross-Site Scripting XSS vulnerability was discovered in the 'wikitext' parameter of a web application. The vulnerability allowed an attacker to inject malicious scripts that could be executed by the application. No further details were provided regarding the impact or the affected product...
CVE-2025-32069
The CVE-2025-32069 issue is an Improper Input Validation vulnerability in the Wikimedia Foundation’s MediaWiki Wikibase Media Info Extension, affecting versions 1.39 through 1.43. The root cause involves input validation flaws leading to Cross-Site Scripting (XSS) . Connected sources corroborate ...
CVE-2025-32069 Wikitext stored XSS on filepages due to dangerous WBMI serialization
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43...
CVE-2025-32069 Wikitext stored XSS on filepages due to dangerous WBMI serialization
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43...
GHSA-4X6X-8RM8-C37J Extension:TabberNeue vulnerable to Cross-site Scripting
Summary There are several sources of arbitrary, unescaped user input being used to construct HTML, which allows any user that can edit pages or otherwise render wikitext to XSS other users. Edit: Only the first XSS can be reproduced in production. Details ✅ Verified and patched in...
Cross-site Scripting (XSS)
mediawiki is vulnerable to cross-site scripting XSS. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
DEBIAN-CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
UBUNTU-CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
Cross site scripting
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
CVE-2015-8622
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
CVE-2015-8622
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
Cross site scripting
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
CVE-2015-8622
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
CVE-2015-8622
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
DEBIAN-CVE-2014-9475
Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message...
Cross site scripting
Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message...