Lucene search
+L

5 matches found

OpenVAS
OpenVAS
added 2025/06/20 12:0 a.m.6 views

MediaWiki >= 2.4.2 < 3.3.1 Multiple Vulnerabilities

MediaWiki is prone to multiple vulnerabilities. Note: This VT has been deprecated as it had targeted the wrong product. It is therefore no longer functional. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

6.5CVSS7.2AI score0.0035EPSS
Exploits2References2
NVD
NVD
added 2025/06/12 7:15 p.m.10 views

CVE-2025-49575

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS0.0035EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/06/12 6:45 p.m.7 views

CVE-2025-49575 Citizen allows stored XSS in Command Palette tip messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS6.9AI score0.0035EPSS
Exploits1References3
CVE
CVE
added 2025/06/12 6:45 p.m.51 views

CVE-2025-49575

The CVE-2025-49575 issue affects the Citizen skin for MediaWiki. The underlying problem is that multiple system messages are inserted into the CommandPaletteFooter as raw HTML, enabling stored HTML injection by users who can edit those messages. This could allow arbitrary HTML execution in the af...

6.5CVSS6.9AI score0.0035EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/06/12 6:45 p.m.5 views

CVE-2025-49575 Citizen allows stored XSS in Command Palette tip messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...

6.5CVSS6.5AI score0.0035EPSS
Exploits1References5
Rows per page
Query Builder