4 matches found
CVE-2026-39935
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting XSS. This issue was remediated only on the master branch...
CVE-2026-39935
The CVE-2026-39935 entry describes a Cross-Site Scripting (XSS) vulnerability in The Wikimedia Foundation MediaWiki CampaignEvents Extension. Affected versions are 1.43.7, 1.44.4, and 1.45.2, where improper input neutralization during web page generation allows XSS. The issue is tied to the Campa...
CVE-2026-0817 CampaignEvents API missing authorization exposes meeting and chat URLs
Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...
PT-2024-2675 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: The issue is related to the CampaignEvents extension in MediaWiki, which is associated with improp...