Lucene search
K

5 matches found

NVD
NVD
added 2026/02/03 2:16 a.m.7 views

CVE-2025-67481

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

6.1CVSS0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 2:16 a.m.6 views

UBUNTU-CVE-2025-67481

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 1:30 a.m.5 views

CVE-2025-67481 mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

5.3AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2020/09/27 9:15 p.m.1 views

DEBIAN-CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

6.1CVSS6.8AI score0.01089EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/25 12:0 a.m.3 views

PT-2020-6811 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.10 and earlier MediaWiki versions 1.32.x through 1.34.3 Description: An issue was discovered in the non-jqueryMsg version of mw.message.parse, which doesn't escape HTML. This affects both message contents and the...

9.8CVSS5.7AI score0.04098EPSS
Exploits6References68
Rows per page
Query Builder