CVE-2025-11937

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...

CVE-2025-11937 Stored XSS through a system message in SecurePoll

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...

CVE-2025-11937

CVE-2025-11937 pertains to a Stored XSS vulnerability in the Wikimedia Foundation MediaWiki SecurePoll extension. The issue arises from Improper Neutralization of Input During Web Page Generation, enabling stored cross-site scripting. Affected component: MediaWiki SecurePoll extension (master bra...

CVE-2025-11937 Stored XSS through a system message in SecurePoll

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master...

EUVD-2020-23290

Malware in sbrugna...

EUVD-2022-32775

Malicious code in bioql PyPI...

EUVD-2025-20087

Malicious code in bioql PyPI...

EUVD-2025-20085

Malicious code in bioql PyPI...

CVE-2025-53484

User-controlled inputs are improperly escaped in: VotePage.php poll option input ResultPage::getPagesTab and getErrorsTab user-controllable page names This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...

CVE-2025-53485

SetTranslationHandler.php does not validate that the user is an election admin, allowing any even unauthenticated user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension:...

CVE-2025-53485

The CVE concerns the MediaWiki SecurePoll extension where SetTranslationHandler.php does not validate that the user is an election admin. This allows any (even unauthenticated) user to change election-related translation text. Affects SecurePoll versions: 1.39.X before 1.39.13; 1.42.X before 1.42...

CVE-2025-53484

The CVE-2025-53484 affects the MediaWiki SecurePoll extension. Affected versions are 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The root cause is improper escaping of user-controlled inputs in VotePage.php (poll option input) and in ResultPage’s getPagesTab() and getEr...

Wikimedia Mediawiki - SecurePoll extension 跨站请求伪造漏洞

Wikimedia Mediawiki - SecurePoll extension is a special page extension for elections, polls and surveys from the Wikimedia Foundation. A cross-site request forgery vulnerability exists in the Wikimedia Mediawiki - SecurePoll extension versions prior to 1.39.13, prior to 1.42.7, and prior to 1.43....

PT-2025-28016 · Mediawiki · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: Mediawiki - SecurePoll extension versions 1.39.X through 1.39.12 Mediawiki - SecurePoll extension versions 1.42.X through 1.42.6 Mediawiki - SecurePoll extension versions 1.43.X through 1.43.1 Description: The issue affects the Mediawiki -...

CVE-2020-35624

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded...

CVE-2022-28323

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...

PT-2022-18961 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.37.2 Description: An issue was discovered in the SecurePoll extension of MediaWiki, allowing a leak because sorting by timestamp is supported. Recommendations: For MediaWiki versions through 1.37.2, consider...

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-38679)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and earlier...

PT-2020-17371 · Mediawiki +1 · Mediawiki Securepoll Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki SecurePoll extension versions through 1.35.1 Description: An issue in the SecurePoll extension for MediaWiki may provide unintended clues about how a voting process unfolded due to the non-admin vote list containing a full vote...

MediaWiki 安全漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.1 and earlier...