2 matches found
CVE-2021-30458
Wikimedia Parsoid (before 0.11.1 and 0.12.x before 0.12.2) contains a XSS vector where crafted wikitext can be transformed by Utils/WTUtils.php via a tag, bypassing sanitization. This is a code-path issue leading to potential XSS. Remediation: upgrade to Parsoid 0.11.1 or 0.12.2 (the fixed relea...
CVE-2025-61638
CVE-2025-61638 is an XSS (Improper Neutralization of Input During Web Page Generation) vulnerability affecting Wikimedia Foundation MediaWiki and Parsoid. The issue is tied to Sanitizer.Php and Sanitizer.Php in the MediaWiki code paths (includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php). Affe...