mediawiki
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting mediawiki.
- CVE-2026-39837Stored XSS through the dynamic table format in Cargo5.4
- CVE-2026-39841Stored XSS through list fields on Cargo's page values and Special:CargoTables6.1
- CVE-2026-39840CSS injection in multiple Cargo display formats6.1
- CVE-2026-39839Stored XSS through URLs in Cargo's map format6.1
- CVE-2025-61658Special:GlobalContributions shows edits on wikis the viewer doesn't have access to4.3
- CVE-2024-34500An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in ...6.1
- CVE-2024-34506An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page ope...7.5
- CVE-2024-34507An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b c...7.4
- CVE-2024-34502An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the fro...9.8
- CVE-2024-23174An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-ta...5.4
- CVE-2024-23178An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.5.4
- CVE-2024-23173An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, a...6.1
- CVE-2024-23172An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in Specia...5.4
- CVE-2024-23177An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.6.1
- CVE-2024-23171An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the ...5.4