Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-22714

Summary
Assigner-wikimedia-foundation
Assigner Org ID-c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Published At-08 Jan, 2026 | 23:56
Updated At-09 Jan, 2026 | 19:17
Rejected At-
Credits

i18n XSS, DoS and config SQLI in Monaco

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:wikimedia-foundation
Assigner Org ID:c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Published At:08 Jan, 2026 | 23:56
Updated At:09 Jan, 2026 | 19:17
Rejected At:
â–¼CVE Numbering Authority (CNA)
i18n XSS, DoS and config SQLI in Monaco

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39.

Affected Products
Vendor
Wikimedia FoundationThe Wikimedia Foundation
Product
Mediawiki - Monaco Skin
Default Status
unaffected
Versions
Affected
  • 1.45
  • 1.44
  • 1.43
  • 1.39
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-63CAPEC-63 Cross-Site Scripting (XSS)
CAPEC ID: CAPEC-63
Description: CAPEC-63 Cross-Site Scripting (XSS)
Solutions
Configurations
Workarounds
Exploits
Credits
finder
SomeRandomDeveloper
remediation developer
SomeRandomDeveloper
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://phabricator.wikimedia.org/T411126
N/A
https://gerrit.wikimedia.org/r/q/I00b2e369fa189803380ca7409022a11b670d2500
N/A
Hyperlink: https://phabricator.wikimedia.org/T411126
Resource: N/A
Hyperlink: https://gerrit.wikimedia.org/r/q/I00b2e369fa189803380ca7409022a11b670d2500
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Published At:09 Jan, 2026 | 00:15
Updated At:13 Jan, 2026 | 14:03

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.3LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryc4f26cc8-17ff-4c99-b5e2-38fc1793eacc
CWE ID: CWE-79
Type: Secondary
Source: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gerrit.wikimedia.org/r/q/I00b2e369fa189803380ca7409022a11b670d2500c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
N/A
https://phabricator.wikimedia.org/T411126c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
N/A
Hyperlink: https://gerrit.wikimedia.org/r/q/I00b2e369fa189803380ca7409022a11b670d2500
Source: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Resource: N/A
Hyperlink: https://phabricator.wikimedia.org/T411126
Source: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

24Records found
CVE-2026-22710
Matching Score-10
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-10
Assigner-The Wikimedia Foundation
CVSS Score-2.3||LOW
EPSS-0.07% / 20.76%
||
7 Day CHG+0.01%
Published-08 Jan, 2026 | 23:48
Updated-12 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through autocomment system messages in Wikibase

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-wikibaseMediawiki - Wikibase Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47840
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.49% / 64.83%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 00:53
Updated-16 Oct, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through sidebar in Apex skin

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

Action-Not Available
Vendor-Wikimedia Foundation
Product-apexMediawiki - Apex skinmediawiki-apex_skin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22713
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-2.3||LOW
EPSS-0.07% / 20.76%
||
7 Day CHG+0.01%
Published-09 Jan, 2026 | 00:00
Updated-12 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through edit summaries in GrowthExperiments

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39.

Action-Not Available
Vendor-growthWikimedia Foundation
Product-growthexperimentsMediawiki - GrowthExperiments Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62652
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-5.8||MEDIUM
EPSS-0.07% / 21.29%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 22:15
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS in WebAuthn key name

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.

Action-Not Available
Vendor-Wikimedia Foundation
Product-MediaWiki WebAuthn extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62653
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-2||LOW
EPSS-0.07% / 20.01%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 22:23
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages in PollNY

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44.

Action-Not Available
Vendor-Wikimedia Foundation
Product-MediaWiki PollNY extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62700
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 17:53
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through a system message in MultiBoilerplate

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS.This issue affects Mediawiki - MultiBoilerplate Extensionmaste: from master before 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - MultiBoilerplate Extensionmaste
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62701
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 04:45
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS.This issue affects Mediawiki - Wikistories: from master before 1.44.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - Wikistories
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62667
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 04:42
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through article extracts in GrowthExperiments

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - GrowthExperiments Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62695
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 04:02
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - WikiLambda Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62702
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 04:42
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS.This issue affects Mediawiki - PageTriage Extension: from master before 1.44.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - PageTriage Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62656
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-5.8||MEDIUM
EPSS-0.07% / 20.01%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 20:15
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44.

Action-Not Available
Vendor-Wikimedia Foundation
Product-MediaWiki GlobalBlocking extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62694
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.55%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 04:28
Updated-21 Oct, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through a system message

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - WikiLove Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62670
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 04:29
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through a system message in FlexDiagrams

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - FlexDiagrams Extension allows Stored XSS.This issue affects Mediawiki - FlexDiagrams Extension: master.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - FlexDiagrams Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62657
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-5.8||MEDIUM
EPSS-0.07% / 20.01%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 20:19
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages in PageForms

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS.This issue affects MediaWiki PageForms extension: 1.44.

Action-Not Available
Vendor-Wikimedia Foundation
Product-MediaWiki PageForms extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62698
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 18:07
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages in ExternalGuidance

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ExternalGuidance allows Stored XSS.This issue affects Mediawiki - ExternalGuidance: from master before 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - ExternalGuidance
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62671
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 04:24
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through wikitext in Cargo

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: master.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - Cargo Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62664
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 04:13
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through a system message in ImageRating

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ImageRating Extension allows Stored XSS.This issue affects Mediawiki - ImageRating Extension: from master before 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - ImageRating Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62659
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-2.1||LOW
EPSS-0.07% / 21.29%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 15:31
Updated-22 Oct, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0.

Action-Not Available
Vendor-Wikimedia Foundation
Product-MediaWiki CookieConsent extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62663
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 04:16
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through a system message in UploadWizard

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - UploadWizard Extension allows Stored XSS.This issue affects Mediawiki - UploadWizard Extension: from master before 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - UploadWizard Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62662
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 04:19
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages in AdvancedSearch

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - AdvancedSearch Extension allows Stored XSS.This issue affects Mediawiki - AdvancedSearch Extension: from master before 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - AdvancedSearch Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62693
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 17:51
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages in LastModified

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - LastModified Extension allows Stored XSS.This issue affects Mediawiki - LastModified Extension: from master before 1.39.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - LastModified Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62654
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-2||LOW
EPSS-0.07% / 20.01%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 22:38
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through system messages in QuizGame

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44.

Action-Not Available
Vendor-Wikimedia Foundation
Product-MediaWiki QuizGame extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-11937
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 21.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 05:14
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS through a system message in SecurePoll

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue affects Mediawiki - SecurePoll Extension: master.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - SecurePoll Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47847
Matching Score-6
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-6
Assigner-The Wikimedia Foundation
CVSS Score-6.9||MEDIUM
EPSS-0.78% / 73.30%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 00:47
Updated-16 Oct, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Various XSSes found in Cargo

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

Action-Not Available
Vendor-Wikimedia Foundation
Product-cargoMediawiki - Cargomediawiki-cargo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Details not found