Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mediawiki Subscribe
Total 438 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-53494 2 Mediawiki, Wmde-fisch 2 Mediawiki, Twocolconflict 2026-06-17 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension allows Stored XSS.This issue affects Mediawiki - TwoColConflict Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
CVE-2025-53493 2 Mediawiki, Yaronkoren 2 Mediawiki, Mintydocs 2026-06-17 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43.2.
CVE-2025-53492 2 Mediawiki, Yaronkoren 2 Mediawiki, Mintydocs 2026-06-17 N/A 3.7 LOW
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43.2.
CVE-2025-53490 2 Jly, Mediawiki 2 Campaignevents, Mediawiki 2026-06-17 N/A 5.6 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - CampaignEvents Extension: from 1.43.X before 1.43.2.
CVE-2025-53489 2 Jackphoenix, Mediawiki 2 Googledocs4mw, Mediawiki 2026-06-17 N/A 5.6 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
CVE-2025-11261 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from * before 1.39.15, 1.43.5, 1.44.2.
CVE-2024-47913 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 5.3 MEDIUM
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
CVE-2024-47849 1 Mediawiki 1 Cargo 2026-06-17 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
CVE-2024-47847 1 Mediawiki 1 Cargo 2026-06-17 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
CVE-2024-47846 1 Mediawiki 1 Cargo 2026-06-17 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
CVE-2024-40605 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 4.8 MEDIUM
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2024-40604 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 4.8 MEDIUM
An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.
CVE-2024-40603 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 4.3 MEDIUM
An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.
CVE-2024-40602 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 4.8 MEDIUM
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2024-40601 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 6.5 MEDIUM
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.
CVE-2024-40600 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 4.8 MEDIUM
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2024-40599 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 4.8 MEDIUM
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2024-40598 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 4.3 MEDIUM
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)
CVE-2024-40597 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 7.5 HIGH
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)
CVE-2024-40596 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 4.3 MEDIUM
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)