Mediawiki%20-%20GrowthExperiments%20Extension

Mediawiki - GrowthExperiments Extension

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2026-22713

Assigner-The Wikimedia Foundation

View Details

Assigner-The Wikimedia Foundation

CVSS Score-2.3||LOW

EPSS-0.01% / 1.23%

7 Day CHG~0.00%

Published-09 Jan, 2026 | 00:00

Updated-12 Feb, 2026 | 17:47

Stored XSS through edit summaries in GrowthExperiments

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39.

Vendor-growth Wikimedia Foundation

Product-growthexperiments Mediawiki - GrowthExperiments Extension

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-62667

Assigner-The Wikimedia Foundation

View Details

Assigner-The Wikimedia Foundation

CVSS Score-6.9||MEDIUM

EPSS-0.09% / 25.73%

7 Day CHG~0.00%

Published-18 Oct, 2025 | 04:42

Updated-21 Oct, 2025 | 19:31

Stored XSS through article extracts in GrowthExperiments

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.

Vendor-Wikimedia Foundation

Product-Mediawiki - GrowthExperiments Extension

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-62668

Assigner-The Wikimedia Foundation

View Details

Assigner-The Wikimedia Foundation

CVSS Score-6.9||MEDIUM

EPSS-0.08% / 23.87%

7 Day CHG~0.00%

Published-18 Oct, 2025 | 04:39

Updated-21 Oct, 2025 | 19:31

Insufficient permission checks in action=growthsetmentor

Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.

Vendor-Wikimedia Foundation

Product-Mediawiki - GrowthExperiments Extension

CWE ID-CWE-276

Incorrect Default Permissions