12 matches found
CVE-2025-11937
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...
EUVD-2025-34968
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...
CVE-2025-11937
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...
EUVD-2025-20087
Malicious code in bioql PyPI...
EUVD-2025-20088
Malicious code in bioql PyPI...
CVE-2025-53485
SetTranslationHandler.php does not validate that the user is an election admin, allowing any even unauthenticated user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension:...
CVE-2025-53484
User-controlled inputs are improperly escaped in: VotePage.php poll option input ResultPage::getPagesTab and getErrorsTab user-controllable page names This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...
CVE-2025-53484
User-controlled inputs are improperly escaped in: VotePage.php poll option input ResultPage::getPagesTab and getErrorsTab user-controllable page names This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...
CVE-2025-53483
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPageexecuteClear do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42....
CVE-2025-53485 SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes
SetTranslationHandler.php does not validate that the user is an election admin, allowing any even unauthenticated user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension:...
PT-2025-28018 · Mediawiki · Mediawiki Securepoll Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki SecurePoll extension versions 1.39.X through 1.39.12 MediaWiki SecurePoll extension versions 1.42.X through 1.42.6 MediaWiki SecurePoll extension versions 1.43.X through 1.43.1 Description: The issue arises from the lack of validati...
BIT-MEDIAWIKI-2022-28323
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...