Lucene search
K

4 matches found

NVD
NVD
added 2026/04/07 11:16 p.m.5 views

CVE-2026-39935

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting XSS. This issue was remediated only on the master branch...

6.9CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 10:4 p.m.7 views

CVE-2026-39935

The CVE-2026-39935 entry describes a Cross-Site Scripting (XSS) vulnerability in The Wikimedia Foundation MediaWiki CampaignEvents Extension. Affected versions are 1.43.7, 1.44.4, and 1.45.2, where improper input neutralization during web page generation allows XSS. The issue is tied to the Campa...

6.9CVSS5.9AI score0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 3:50 p.m.23 views

CVE-2026-0817 CampaignEvents API missing authorization exposes meeting and chat URLs

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.5 views

PT-2024-2675 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: The issue is related to the CampaignEvents extension in MediaWiki, which is associated with improp...

5.5CVSS5.8AI score0.00406EPSS
Exploits1References10
Rows per page
Query Builder