69 matches found
CVE-2025-11937
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...
EUVD-2025-34968
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...
CVE-2025-11937
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...
CVE-2025-11937 Stored XSS through a system message in SecurePoll
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...
CVE-2025-11937
CVE-2025-11937 pertains to a Stored XSS vulnerability in the Wikimedia Foundation MediaWiki SecurePoll extension. The issue arises from Improper Neutralization of Input During Web Page Generation, enabling stored cross-site scripting. Affected component: MediaWiki SecurePoll extension (master bra...
CVE-2025-11937 Stored XSS through a system message in SecurePoll
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...
Mediawiki - SecurePoll Extension 安全漏洞
Mediawiki - SecurePoll Extension is an open source plugin for elections, polls and surveys from Mediawiki. A security vulnerability exists in the master version of Mediawiki - SecurePoll Extension, which stems from improper input neutralization during page generation and could lead to a stored...
EUVD-2020-23290
Malware in sbrugna...
EUVD-2021-29033
Malicious code in bioql PyPI...
EUVD-2022-32775
Malicious code in bioql PyPI...
EUVD-2025-20088
Malicious code in bioql PyPI...
EUVD-2025-20087
Malicious code in bioql PyPI...
EUVD-2025-20085
Malicious code in bioql PyPI...
CVE-2025-53483
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPageexecuteClear do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42....
CVE-2025-53485
SetTranslationHandler.php does not validate that the user is an election admin, allowing any even unauthenticated user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension:...
CVE-2025-53484
User-controlled inputs are improperly escaped in: VotePage.php poll option input ResultPage::getPagesTab and getErrorsTab user-controllable page names This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...
CVE-2025-53485
SetTranslationHandler.php does not validate that the user is an election admin, allowing any even unauthenticated user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension:...
CVE-2025-53484
User-controlled inputs are improperly escaped in: VotePage.php poll option input ResultPage::getPagesTab and getErrorsTab user-controllable page names This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...
CVE-2025-53483
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPageexecuteClear do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42....
CVE-2025-53485
The CVE concerns the MediaWiki SecurePoll extension where SetTranslationHandler.php does not validate that the user is an election admin. This allows any (even unauthenticated) user to change election-related translation text. Affects SecurePoll versions: 1.39.X before 1.39.13; 1.42.X before 1.42...