
mediawiki — Vulnerabilities & Security Advisories 58

All 58 CVE vulnerabilities found in mediawiki, with AI-generated Chinese analysis, references, and POCs.

Vendor: mediawiki

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2025-67481 | mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-67483 | Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-67484 | Action API xslt option allows JavaScript execution by administrators who are not interface administrators | | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-67480 | list=allrevisions can be used to bypass Extension:Lockdown | | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-67475 | Stored XSS through edit summaries in MW Core | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-67476 | Importing leaks IP address of importer via EventStreams | | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-67477 | Stored XSS through a system message in Special:ApiSandbox | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-67479 | Magic word replacement in legacy parser allows using reserved data attributes through wikitext | | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-11261 | Stored i18n XSS exposed by security patch for T402077 | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61645 | CodexTablePager has i18n XSS | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61646 | Watchlist group mode reveals authors of edits with hidden authorship | | 8.2 (AI) | High (AI) | 2026-02-03 |
| CVE-2025-61644 | i18n XSS through Special:Watchlist | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-61637 | Stored XSS through system messages in MW Core | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-61638 | Sanitizer::validateAttributes data-XSS | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-61639 | Suppressed blocked IP is visible in Special:BlockList, RC, and other places | CWE-200 | 7.5 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-61640 | Stored XSS through system messages in Special:RecentChangesLinked (MW Core) | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-61641 | API list=allpages with maxsize is making really slow queries | | 9.1 (AI) | Critical (AI) | 2026-02-02 |
| CVE-2025-61642 | Stored XSS through system messages provided to CodexHtmlForms | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-61643 | EventStreams publishes suppressed recent change entries that are suppressed from their creation | | 5.3 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-61634 | HTML rest endpoint needs PoolCounter and proper parser cache check | | 9.4 (AI) | Critical (AI) | 2026-02-02 |
| CVE-2025-61636 | Codex Special:Block vulnerable to message key XSS | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-6589 | With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList | | 7.5 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-6590 | Complete content leak of private wikis due to PasswordReset Wikitext injection in error message | CWE-200 | 7.5 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-6591 | HTML injection in API action=feedcontributions output from i18n message | | 8.2 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-6593 | "{{SITENAME}} registered email address has been changed" email sent to unverified email addresses | | 8.1 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-6594 | XSS in Special:ApiSandbox | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-6597 | MediaWiki should not consider autocreation as login for the purposes of security reauthentication | | 9.8 (AI) | Critical (AI) | 2026-02-02 |
| CVE-2025-6927 | Autoblocks from global account suppressions are publicly visible | | 8.2 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-32700 | AbuseFilter log interfaces expose global private and hidden filters when central DB is not available | CWE-200 | 7.5 (AI) | High (AI) | 2025-04-10 |
| CVE-2025-32699 | Potential javascript injection attack enabled by Unicode normalization in Action API | CWE-79 | 9.1 (AI) | Critical (AI) | 2025-04-10 |
