3 matches found
CVE-2025-61651 i18n XSS through Special:CheckUser CheckUser helper
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from...
CVE-2024-23179
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks...
PT-2024-2681 · Unknown +2 · Globalblocking Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.40.2 GlobalBlocking extension versions prior to 1.40.2 Description: The issue is related to the GlobalBlocking extension in MediaWiki, where improper input neutralization during web page creation can lead to...