CVE-2025-67475 Stored XSS through edit summaries in MW Core

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...

CVE-2025-67475

CVE-2025-67475 is a Stored XSS issue in Wikimedia MediaWiki, linked to improper neutralization in includes/CommentFormatter/CommentParser.Php, affecting MediaWiki versions < 1.39.16, < 1.43.6, < 1.44.3, and

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the edit summary...

CVE-2025-67475 Stored XSS through edit summaries in MW Core

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...

CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

CVE-2026-22713 Stored XSS through edit summaries in GrowthExperiments

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22713

The CVE concerns the Wikimedia Foundation MediaWiki GrowthExperiments Extension, where a Cross-Site Scripting (XSS) vulnerability arises from improper neutralization of input during web page generation, exposed through edit summaries. Affected versions are 1.39–1.45. The confirmed impact is XSS i...

CVE-2026-22713 Stored XSS through edit summaries in GrowthExperiments

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39...

PT-2026-2258

Name of the Vulnerable Software and Affected Versions Mediawiki - GrowthExperiments Extension versions 1.39 through 1.45 Description The Wikimedia Foundation Mediawiki - GrowthExperiments Extension is susceptible to a Cross-Site Scripting XSS issue due to improper neutralization of input during w...

CVE-2019-16529

An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model...

EUVD-2019-8341

Malware in sbrugna...

EUVD-2019-7204

Malware in sbrugna...

CVE-2019-16529

An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model...

CVE-2019-16529

The vulnerability CVE-2019-16529 affects the MediaWiki CheckUser extension up to version 1.35.0 . The issue is that oversighted edit summaries are still visible in CheckUser results, which violates MediaWiki’s permissions model. The connected sources confirm the existence of this exposure but do ...

CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

Design/Logic Flaw

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...

CVE-2019-18611

CVE-2019-18611 affects the MediaWiki CheckUser extension (up to v1.34). The issue enables certain sensitive information contained in oversighted edit summaries to be visible via the MediaWiki API to users with varying access levels. Underlying cause and impact are that confidentiality can be part...

CVE-2019-18611

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...