Export limit exceeded: 344032 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61648 | 2 Mediawiki, Wikimedia | 2 Checkuser, Checkuser | 2026-04-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/SpecialBlock.Js. This issue affects CheckUser: from * before 1.44.1. | ||||
| CVE-2025-61651 | 2 Mediawiki, Wikimedia | 2 Checkuser, Checkuser | 2026-04-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from * before 1.44.1. | ||||
| CVE-2025-61655 | 2 Mediawiki, Wikimedia | 2 Visual Editor, Visualeditor | 2026-04-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1. | ||||
| CVE-2025-61656 | 2 Mediawiki, Wikimedia | 2 Visual Editor, Visualeditor | 2026-04-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1. | ||||
| CVE-2025-67475 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-04-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | ||||
| CVE-2025-67477 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-04-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. | ||||
| CVE-2025-67481 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-04-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | ||||
| CVE-2025-67483 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-04-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1. | ||||
| CVE-2026-22711 | 1 Wikimedia | 1 Mediawiki-wikilove Extension | 2026-04-09 | N/A |
| Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting (XSS).The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45. | ||||
| CVE-2026-5762 | 1 Wikimedia | 1 Mediawiki-reportincident Extension | 2026-04-09 | N/A |
| Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue was remediated only on the `master` branch. | ||||
| CVE-2026-39838 | 1 Wikimedia | 1 Mediawiki-proofreadpage Extension | 2026-04-09 | N/A |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45. | ||||
| CVE-2026-39937 | 1 Wikimedia | 1 Mediawiki - Centralauth Extension | 2026-04-09 | N/A |
| Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45. | ||||
| CVE-2026-39933 | 1 Wikimedia | 1 Mediawiki - Globalwatchlist Extension | 2026-04-09 | N/A |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45. | ||||
| CVE-2026-39934 | 1 Wikimedia | 1 Mediawiki-growthexperiments Extension | 2026-04-09 | N/A |
| Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch. | ||||
| CVE-2026-39935 | 1 Wikimedia | 1 Mediawiki-campaignevents Extension | 2026-04-09 | N/A |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue was remediated only on the `master` branch. | ||||
| CVE-2026-39936 | 1 Wikimedia | 1 Mediawiki-score Extension | 2026-04-09 | N/A |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45. | ||||
| CVE-2026-39839 | 1 Wikimedia | 1 Mediawiki-cargo Extension | 2026-04-09 | N/A |
| Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | ||||
| CVE-2026-39840 | 1 Wikimedia | 1 Mediawiki-cargo Extension | 2026-04-09 | N/A |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | ||||
| CVE-2026-39841 | 1 Wikimedia | 1 Mediawiki-cargo Extension | 2026-04-09 | N/A |
| Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | ||||
| CVE-2026-39837 | 1 Wikimedia | 1 Mediawiki-cargo Extension | 2026-04-09 | N/A |
| Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | ||||