Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-62667 (GCVE-0-2025-62667)
Vulnerability from cvelistv5 – Published: 2025-10-18 04:42 – Updated: 2025-10-20 16:02
VLAI
EPSS
Title
Stored XSS through article extracts in GrowthExperiments
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension |
Affected:
master , < 1.39
(semver)
|
Credits
SomeRandomDeveloper
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T16:02:12.788782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T16:02:21.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mediawiki - GrowthExperiments Extension",
"vendor": "The Wikimedia Foundation",
"versions": [
{
"lessThan": "1.39",
"status": "affected",
"version": "master",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SomeRandomDeveloper"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.\u003cp\u003eThis issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T04:42:30.610Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://phabricator.wikimedia.org/T402698"
},
{
"url": "https://gerrit.wikimedia.org/r/q/Iafd0acccf9a5c20d9e955d7bc3de1304968401ec"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS through article extracts in GrowthExperiments",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2025-62667",
"datePublished": "2025-10-18T04:42:30.610Z",
"dateReserved": "2025-10-18T04:03:51.880Z",
"dateUpdated": "2025-10-20T16:02:21.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-62667",
"date": "2026-06-08",
"epss": "0.00056",
"percentile": "0.17759"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-62667\",\"sourceIdentifier\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"published\":\"2025-10-18T05:15:34.323\",\"lastModified\":\"2025-10-21T19:31:25.450\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://gerrit.wikimedia.org/r/q/Iafd0acccf9a5c20d9e955d7bc3de1304968401ec\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"},{\"url\":\"https://phabricator.wikimedia.org/T402698\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62667\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-20T16:02:12.788782Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-20T16:02:17.232Z\"}}], \"cna\": {\"title\": \"Stored XSS through article extracts in GrowthExperiments\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"SomeRandomDeveloper\"}], \"impacts\": [{\"capecId\": \"CAPEC-592\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-592 Stored XSS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"The Wikimedia Foundation\", \"product\": \"Mediawiki - GrowthExperiments Extension\", \"versions\": [{\"status\": \"affected\", \"version\": \"master\", \"lessThan\": \"1.39\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://phabricator.wikimedia.org/T402698\"}, {\"url\": \"https://gerrit.wikimedia.org/r/q/Iafd0acccf9a5c20d9e955d7bc3de1304968401ec\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.\u003cp\u003eThis issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"shortName\": \"wikimedia-foundation\", \"dateUpdated\": \"2025-10-18T04:42:30.610Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-62667\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-20T16:02:21.267Z\", \"dateReserved\": \"2025-10-18T04:03:51.880Z\", \"assignerOrgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"datePublished\": \"2025-10-18T04:42:30.610Z\", \"assignerShortName\": \"wikimedia-foundation\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
Mediawiki - GrowthExperiments Extension跨站脚本漏洞
Description
Mediawiki - GrowthExperiments Extension是MediaWiki的一个扩展,旨在通过任务系统、推荐机制和导师功能提升新用户的参与度和内容贡献质量。
Mediawiki - GrowthExperiments Extension存在跨站脚本漏洞,该漏洞源于应用对用户提供的数据缺乏有效过滤与转义,攻击者可利用该漏洞通过注入精心设计的有效载荷执行任意Web脚本或HTML。
Severity
高
Patch Name
Mediawiki - GrowthExperiments Extension跨站脚本漏洞的补丁
Patch Description
Mediawiki - GrowthExperiments Extension是MediaWiki的一个扩展,旨在通过任务系统、推荐机制和导师功能提升新用户的参与度和内容贡献质量。
Mediawiki - GrowthExperiments Extension存在跨站脚本漏洞,该漏洞源于应用对用户提供的数据缺乏有效过滤与转义,攻击者可利用该漏洞通过注入精心设计的有效载荷执行任意Web脚本或HTML。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://phabricator.wikimedia.org/T402698
Reference
https://gerrit.wikimedia.org/r/q/Iafd0acccf9a5c20d9e955d7bc3de1304968401ec
Impacted products
| Name | MediaWiki Mediawiki - GrowthExperiments Extension <1.39 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-62667",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-62667"
}
},
"description": "Mediawiki - GrowthExperiments Extension\u662fMediaWiki\u7684\u4e00\u4e2a\u6269\u5c55\uff0c\u65e8\u5728\u901a\u8fc7\u4efb\u52a1\u7cfb\u7edf\u3001\u63a8\u8350\u673a\u5236\u548c\u5bfc\u5e08\u529f\u80fd\u63d0\u5347\u65b0\u7528\u6237\u7684\u53c2\u4e0e\u5ea6\u548c\u5185\u5bb9\u8d21\u732e\u8d28\u91cf\u3002\n\nMediawiki - GrowthExperiments Extension\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6ce8\u5165\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6709\u6548\u8f7d\u8377\u6267\u884c\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://phabricator.wikimedia.org/T402698",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-29387",
"openTime": "2025-11-26",
"patchDescription": "Mediawiki - GrowthExperiments Extension\u662fMediaWiki\u7684\u4e00\u4e2a\u6269\u5c55\uff0c\u65e8\u5728\u901a\u8fc7\u4efb\u52a1\u7cfb\u7edf\u3001\u63a8\u8350\u673a\u5236\u548c\u5bfc\u5e08\u529f\u80fd\u63d0\u5347\u65b0\u7528\u6237\u7684\u53c2\u4e0e\u5ea6\u548c\u5185\u5bb9\u8d21\u732e\u8d28\u91cf\u3002\r\n\r\nMediawiki - GrowthExperiments Extension\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6ce8\u5165\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u6709\u6548\u8f7d\u8377\u6267\u884c\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mediawiki - GrowthExperiments Extension\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "MediaWiki Mediawiki - GrowthExperiments Extension \u003c1.39"
},
"referenceLink": "https://gerrit.wikimedia.org/r/q/Iafd0acccf9a5c20d9e955d7bc3de1304968401ec",
"serverity": "\u9ad8",
"submitTime": "2025-10-23",
"title": "Mediawiki - GrowthExperiments Extension\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}
FKIE_CVE-2025-62667
Vulnerability from fkie_nvd - Published: 2025-10-18 05:15 - Updated: 2026-04-15 00:35
Severity
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39."
}
],
"id": "CVE-2025-62667",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
]
},
"published": "2025-10-18T05:15:34.323",
"references": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://gerrit.wikimedia.org/r/q/Iafd0acccf9a5c20d9e955d7bc3de1304968401ec"
},
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://phabricator.wikimedia.org/T402698"
}
],
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
]
}
GHSA-X6M8-4QGJ-87FJ
Vulnerability from github – Published: 2025-10-18 06:30 – Updated: 2025-10-18 06:30
VLAI
Details
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.
Severity
{
"affected": [],
"aliases": [
"CVE-2025-62667"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-18T05:15:34Z",
"severity": "MODERATE"
},
"details": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.",
"id": "GHSA-x6m8-4qgj-87fj",
"modified": "2025-10-18T06:30:25Z",
"published": "2025-10-18T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62667"
},
{
"type": "WEB",
"url": "https://gerrit.wikimedia.org/r/q/Iafd0acccf9a5c20d9e955d7bc3de1304968401ec"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T402698"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
WID-SEC-W-2025-2336
Vulnerability from csaf_certbund - Published: 2025-10-19 22:00 - Updated: 2025-10-22 22:00Summary
MediaWiki Extensions: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MediaWiki ist ein freies Wiki, das ursprünglich für den Einsatz auf Wikipedia entwickelt wurde.
Angriff: Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
References
19 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MediaWiki ist ein freies Wiki, das urspr\u00fcnglich f\u00fcr den Einsatz auf Wikipedia entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2336 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2336.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2336 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2336"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11937"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62508"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62652"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62653"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62654"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62655"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62662"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62663"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62664"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62665"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62666"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62667"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62668"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62669"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62670"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62671"
},
{
"category": "external",
"summary": "MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)",
"url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/4P2UZCT4UFX2JKILESDBKT3QQ3JHMWTN/"
}
],
"source_lang": "en-US",
"title": "MediaWiki Extensions: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-22T22:00:00.000+00:00",
"generator": {
"date": "2025-10-23T08:39:02.651+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2336",
"initial_release_date": "2025-10-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.39.14",
"product": {
"name": "Open Source MediaWiki \u003c1.39.14",
"product_id": "T047373"
}
},
{
"category": "product_version",
"name": "1.39.14",
"product": {
"name": "Open Source MediaWiki 1.39.14",
"product_id": "T047373-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.39.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.43.4",
"product": {
"name": "Open Source MediaWiki \u003c1.43.4",
"product_id": "T047374"
}
},
{
"category": "product_version",
"name": "1.43.4",
"product": {
"name": "Open Source MediaWiki 1.43.4",
"product_id": "T047374-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.43.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.44.1",
"product": {
"name": "Open Source MediaWiki \u003c1.44.1",
"product_id": "T047375"
}
},
{
"category": "product_version",
"name": "1.44.1",
"product": {
"name": "Open Source MediaWiki 1.44.1",
"product_id": "T047375-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.44.1"
}
}
},
{
"category": "product_version",
"name": "WebAuthn extension",
"product": {
"name": "Open Source MediaWiki WebAuthn extension",
"product_id": "T047804",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:webauthn_extension"
}
}
},
{
"category": "product_version",
"name": "PollNY extension",
"product": {
"name": "Open Source MediaWiki PollNY extension",
"product_id": "T047805",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:pollny_extension"
}
}
},
{
"category": "product_version_range",
"name": "Citizen \u003c3.9.0",
"product": {
"name": "Open Source MediaWiki Citizen \u003c3.9.0",
"product_id": "T047806"
}
},
{
"category": "product_version",
"name": "Citizen 3.9.0",
"product": {
"name": "Open Source MediaWiki Citizen 3.9.0",
"product_id": "T047806-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:citizen__3.9.0"
}
}
},
{
"category": "product_version",
"name": "QuizGame extension",
"product": {
"name": "Open Source MediaWiki QuizGame extension",
"product_id": "T047807",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:quizgame_extension"
}
}
},
{
"category": "product_version",
"name": "Cargo extension",
"product": {
"name": "Open Source MediaWiki Cargo extension",
"product_id": "T047808",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version_range",
"name": "AdvancedSearch Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki AdvancedSearch Extension \u003c1.39",
"product_id": "T047809"
}
},
{
"category": "product_version",
"name": "AdvancedSearch Extension 1.39",
"product": {
"name": "Open Source MediaWiki AdvancedSearch Extension 1.39",
"product_id": "T047809-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:advancedsearch_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "UploadWizard Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki UploadWizard Extension \u003c1.39",
"product_id": "T047810"
}
},
{
"category": "product_version",
"name": "UploadWizard Extension 1.39",
"product": {
"name": "Open Source MediaWiki UploadWizard Extension 1.39",
"product_id": "T047810-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:uploadwizard_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "ImageRating Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki ImageRating Extension \u003c1.39",
"product_id": "T047811"
}
},
{
"category": "product_version",
"name": "ImageRating Extension 1.39",
"product": {
"name": "Open Source MediaWiki ImageRating Extension 1.39",
"product_id": "T047811-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:imagerating_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "Skin:BlueSky Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki Skin:BlueSky Extension \u003c1.39",
"product_id": "T047812"
}
},
{
"category": "product_version",
"name": "Skin:BlueSky Extension 1.39",
"product": {
"name": "Open Source MediaWiki Skin:BlueSky Extension 1.39",
"product_id": "T047812-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:skinbluesky_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "CirrusSearch Extension \u003c1.43",
"product": {
"name": "Open Source MediaWiki CirrusSearch Extension \u003c1.43",
"product_id": "T047814"
}
},
{
"category": "product_version",
"name": "CirrusSearch Extension 1.43",
"product": {
"name": "Open Source MediaWiki CirrusSearch Extension 1.43",
"product_id": "T047814-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cirrussearch_extension__1.43"
}
}
},
{
"category": "product_version_range",
"name": "GrowthExperiments Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension \u003c1.39",
"product_id": "T047815"
}
},
{
"category": "product_version",
"name": "GrowthExperiments Extension 1.39",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension 1.39",
"product_id": "T047815-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:growthexperiments_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "CentralAuth Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension \u003c1.39",
"product_id": "T047817"
}
},
{
"category": "product_version",
"name": "CentralAuth Extension 1.39",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension 1.39",
"product_id": "T047817-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:centralauth_extension__1.39"
}
}
},
{
"category": "product_version",
"name": "Cargo Extension",
"product": {
"name": "Open Source MediaWiki Cargo Extension",
"product_id": "T047819",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version",
"name": "SecurePoll Extension",
"product": {
"name": "Open Source MediaWiki SecurePoll Extension",
"product_id": "T047820",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:securepoll_extension"
}
}
},
{
"category": "product_version",
"name": "FlexDiagrams Extension",
"product": {
"name": "Open Source MediaWiki FlexDiagrams Extension",
"product_id": "T047821",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:flexdiagrams_extension"
}
}
}
],
"category": "product_name",
"name": "MediaWiki"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11937",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-11937"
},
{
"cve": "CVE-2025-62508",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62508"
},
{
"cve": "CVE-2025-62652",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62652"
},
{
"cve": "CVE-2025-62653",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62653"
},
{
"cve": "CVE-2025-62654",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62654"
},
{
"cve": "CVE-2025-62655",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62655"
},
{
"cve": "CVE-2025-62662",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62662"
},
{
"cve": "CVE-2025-62663",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62663"
},
{
"cve": "CVE-2025-62664",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62664"
},
{
"cve": "CVE-2025-62665",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62665"
},
{
"cve": "CVE-2025-62666",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62666"
},
{
"cve": "CVE-2025-62667",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62667"
},
{
"cve": "CVE-2025-62668",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62668"
},
{
"cve": "CVE-2025-62669",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62669"
},
{
"cve": "CVE-2025-62670",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62670"
},
{
"cve": "CVE-2025-62671",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62671"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…