6 matches found
CVE-2025-62663
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - UploadWizard Extension allows Stored XSS.This issue affects Mediawiki - UploadWizard Extension: from master before 1.39...
CVE-2025-62697
Summary (CVE-2025-62697) : A code injection vulnerability exists in the Wikimedia Foundation’s MediaWiki LanguageSelector Extension due to improper neutralization of special elements in output used by downstream components. Affected: LanguageSelector Extension for MediaWiki, specifically versions...
CVE-2025-62693
CVE-2025-62693 is a stored XSS vulnerability in the MediaWiki LastModified Extension (MediaWiki – LastModified). Multiple sources confirm that the issue arises from lack of proper escaping in system messages (e.g., lastmodified-* values), allowing injected HTML/script to be stored and served to u...
CVE-2025-62662
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - AdvancedSearch Extension allows Stored XSS.This issue affects Mediawiki - AdvancedSearch Extension: from master before 1.39...
CVE-2025-62669 UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39...
CVE-2025-62665 Stored XSS through system messages in Skin:BlueSky
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Mediawiki - Skin:BlueSky allows Stored XSS.This issue affects Mediawiki - Skin:BlueSky: from master before 1.39...