CVE-2025-62508 (GCVE-0-2025-62508)
Vulnerability from cvelistv5 – Published: 2025-10-17 20:29 – Updated: 2025-10-17 20:54
VLAI
Title
Citizen vulnerable to stored XSS in sticky header button messages
Summary
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s textContent when copying button labels. This causes escaped HTML in system message content (such as citizen-share, citizen-view-history, citizen-view-edit, and nstab-talk) to be interpreted as HTML in the sticky header, allowing injection of arbitrary script by a user with the ability to edit interface messages. The vulnerability allows a user with the editinterface right but without the editsitejs right (by default the sysop group has editinterface but may not have editsitejs) to execute arbitrary JavaScript in other users’ sessions, enabling unauthorized access to sensitive data or actions. The issue is fixed in 3.9.0.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/StarCitizenTools/mediawiki-ski… | x_refsource_CONFIRM |
| https://github.com/StarCitizenTools/mediawiki-ski… | x_refsource_MISC |
| https://github.com/StarCitizenTools/mediawiki-ski… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| StarCitizenTools | mediawiki-skins-Citizen |
Affected:
>= 3.3.0, < 3.9.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62508",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T20:53:27.250721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T20:54:23.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mediawiki-skins-Citizen",
"vendor": "StarCitizenTools",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element\u2019s textContent when copying button labels. This causes escaped HTML in system message content (such as citizen-share, citizen-view-history, citizen-view-edit, and nstab-talk) to be interpreted as HTML in the sticky header, allowing injection of arbitrary script by a user with the ability to edit interface messages. The vulnerability allows a user with the editinterface right but without the editsitejs right (by default the sysop group has editinterface but may not have editsitejs) to execute arbitrary JavaScript in other users\u2019 sessions, enabling unauthorized access to sensitive data or actions. The issue is fixed in 3.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T20:29:47.235Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g955-vw6w-v6pp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g955-vw6w-v6pp"
},
{
"name": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/e006923c6dbf113c9a025ca186ecc09fe7b93a15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/e006923c6dbf113c9a025ca186ecc09fe7b93a15"
},
{
"name": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/fbb1d4fe9627281567706f3f6fc99a42ce16fdc4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/fbb1d4fe9627281567706f3f6fc99a42ce16fdc4"
}
],
"source": {
"advisory": "GHSA-g955-vw6w-v6pp",
"discovery": "UNKNOWN"
},
"title": "Citizen vulnerable to stored XSS in sticky header button messages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62508",
"datePublished": "2025-10-17T20:29:47.235Z",
"dateReserved": "2025-10-15T15:03:28.133Z",
"dateUpdated": "2025-10-17T20:54:23.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-62508",
"date": "2026-06-08",
"epss": "0.00033",
"percentile": "0.09987"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-62508\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-17T21:15:36.587\",\"lastModified\":\"2025-10-21T19:31:50.020\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element\u2019s textContent when copying button labels. This causes escaped HTML in system message content (such as citizen-share, citizen-view-history, citizen-view-edit, and nstab-talk) to be interpreted as HTML in the sticky header, allowing injection of arbitrary script by a user with the ability to edit interface messages. The vulnerability allows a user with the editinterface right but without the editsitejs right (by default the sysop group has editinterface but may not have editsitejs) to execute arbitrary JavaScript in other users\u2019 sessions, enabling unauthorized access to sensitive data or actions. The issue is fixed in 3.9.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/e006923c6dbf113c9a025ca186ecc09fe7b93a15\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/fbb1d4fe9627281567706f3f6fc99a42ce16fdc4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g955-vw6w-v6pp\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62508\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-17T20:53:27.250721Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-17T20:54:00.953Z\"}}], \"cna\": {\"title\": \"Citizen vulnerable to stored XSS in sticky header button messages\", \"source\": {\"advisory\": \"GHSA-g955-vw6w-v6pp\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"StarCitizenTools\", \"product\": \"mediawiki-skins-Citizen\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.3.0, \u003c 3.9.0\"}]}], \"references\": [{\"url\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g955-vw6w-v6pp\", \"name\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g955-vw6w-v6pp\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/e006923c6dbf113c9a025ca186ecc09fe7b93a15\", \"name\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/e006923c6dbf113c9a025ca186ecc09fe7b93a15\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/fbb1d4fe9627281567706f3f6fc99a42ce16fdc4\", \"name\": \"https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/fbb1d4fe9627281567706f3f6fc99a42ce16fdc4\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element\\u2019s textContent when copying button labels. This causes escaped HTML in system message content (such as citizen-share, citizen-view-history, citizen-view-edit, and nstab-talk) to be interpreted as HTML in the sticky header, allowing injection of arbitrary script by a user with the ability to edit interface messages. The vulnerability allows a user with the editinterface right but without the editsitejs right (by default the sysop group has editinterface but may not have editsitejs) to execute arbitrary JavaScript in other users\\u2019 sessions, enabling unauthorized access to sensitive data or actions. The issue is fixed in 3.9.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-17T20:29:47.235Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-62508\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-17T20:54:23.336Z\", \"dateReserved\": \"2025-10-15T15:03:28.133Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-17T20:29:47.235Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-62508
Vulnerability from fkie_nvd - Published: 2025-10-17 21:15 - Updated: 2026-04-15 00:35
Severity
Summary
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s textContent when copying button labels. This causes escaped HTML in system message content (such as citizen-share, citizen-view-history, citizen-view-edit, and nstab-talk) to be interpreted as HTML in the sticky header, allowing injection of arbitrary script by a user with the ability to edit interface messages. The vulnerability allows a user with the editinterface right but without the editsitejs right (by default the sysop group has editinterface but may not have editsitejs) to execute arbitrary JavaScript in other users’ sessions, enabling unauthorized access to sensitive data or actions. The issue is fixed in 3.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element\u2019s textContent when copying button labels. This causes escaped HTML in system message content (such as citizen-share, citizen-view-history, citizen-view-edit, and nstab-talk) to be interpreted as HTML in the sticky header, allowing injection of arbitrary script by a user with the ability to edit interface messages. The vulnerability allows a user with the editinterface right but without the editsitejs right (by default the sysop group has editinterface but may not have editsitejs) to execute arbitrary JavaScript in other users\u2019 sessions, enabling unauthorized access to sensitive data or actions. The issue is fixed in 3.9.0."
}
],
"id": "CVE-2025-62508",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-10-17T21:15:36.587",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/e006923c6dbf113c9a025ca186ecc09fe7b93a15"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/fbb1d4fe9627281567706f3f6fc99a42ce16fdc4"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g955-vw6w-v6pp"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-G955-VW6W-V6PP
Vulnerability from github – Published: 2025-10-20 15:31 – Updated: 2025-10-20 15:31
VLAI
Summary
Citizen vulnerable to stored XSS in sticky header button messages
Details
Summary
The JS implementation for copying button labels to the sticky header in the Citizen skin unescapes HTML characters, allowing for stored XSS through system messages.
Details
In the copyButtonAttributes function in stickyHeader.js, when copying the button labels, the innerHTML of the new element is set to the textContent of the old element:
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/f4cbcecf5aca0ae69966b23d4983f9cb5033f319/resources/skins.citizen.scripts/stickyHeader.js#L29-L41
This unescapes any escaped HTML characters and causes the contents of the system messages to be interpreted as HTML.
PoC
- Edit any of the affected messages (
citizen-share,citizen-view-history,citizen-view-edit,nstab-talk) to the following payload:<img src="" onerror="alert('Sticky Header Button XSS')">. - Visit any mainpage article in the wiki using the Citizen skin.
Impact
This impacts wikis where a group has the editinterface but not the editsitejs user right. By default, this is the case for the sysop group.
Severity
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "starcitizentools/citizen-skin"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62508"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-20T15:31:06Z",
"nvd_published_at": "2025-10-17T21:15:36Z",
"severity": "MODERATE"
},
"details": "### Summary\nThe JS implementation for copying button labels to the sticky header in the Citizen skin unescapes HTML characters, allowing for stored XSS through system messages.\n\n### Details\nIn the `copyButtonAttributes` function in `stickyHeader.js`, when copying the button labels, the `innerHTML` of the new element is set to the `textContent` of the old element:\nhttps://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/f4cbcecf5aca0ae69966b23d4983f9cb5033f319/resources/skins.citizen.scripts/stickyHeader.js#L29-L41\nThis unescapes any escaped HTML characters and causes the contents of the system messages to be interpreted as HTML.\n\n### PoC\n1. Edit any of the affected messages (`citizen-share`, `citizen-view-history`, `citizen-view-edit`, `nstab-talk`) to the following payload: `\u003cimg src=\"\" onerror=\"alert(\u0027Sticky Header Button XSS\u0027)\"\u003e`.\n2. Visit any mainpage article in the wiki using the Citizen skin.\n\n\u003cimg width=\"495\" height=\"228\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ac75b8e1-b181-4335-9526-17d6b6f8518e\" /\u003e\n\u003cimg width=\"569\" height=\"157\" alt=\"image\" src=\"https://github.com/user-attachments/assets/c052edb9-ff68-4869-9c66-3ec85e7ff68a\" /\u003e\n\n\n### Impact\nThis impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. By default, this is the case for the `sysop` group.",
"id": "GHSA-g955-vw6w-v6pp",
"modified": "2025-10-20T15:31:06Z",
"published": "2025-10-20T15:31:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-g955-vw6w-v6pp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62508"
},
{
"type": "WEB",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/e006923c6dbf113c9a025ca186ecc09fe7b93a15"
},
{
"type": "WEB",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/fbb1d4fe9627281567706f3f6fc99a42ce16fdc4"
},
{
"type": "PACKAGE",
"url": "https://github.com/StarCitizenTools/mediawiki-skins-Citizen"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Citizen vulnerable to stored XSS in sticky header button messages"
}
WID-SEC-W-2025-2336
Vulnerability from csaf_certbund - Published: 2025-10-19 22:00 - Updated: 2025-10-22 22:00Summary
MediaWiki Extensions: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MediaWiki ist ein freies Wiki, das ursprünglich für den Einsatz auf Wikipedia entwickelt wurde.
Angriff: Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
References
19 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MediaWiki ist ein freies Wiki, das urspr\u00fcnglich f\u00fcr den Einsatz auf Wikipedia entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2336 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2336.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2336 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2336"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11937"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62508"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62652"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62653"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62654"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62655"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62662"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62663"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62664"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62665"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62666"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62667"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62668"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62669"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62670"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62671"
},
{
"category": "external",
"summary": "MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)",
"url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/4P2UZCT4UFX2JKILESDBKT3QQ3JHMWTN/"
}
],
"source_lang": "en-US",
"title": "MediaWiki Extensions: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-22T22:00:00.000+00:00",
"generator": {
"date": "2025-10-23T08:39:02.651+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2336",
"initial_release_date": "2025-10-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.39.14",
"product": {
"name": "Open Source MediaWiki \u003c1.39.14",
"product_id": "T047373"
}
},
{
"category": "product_version",
"name": "1.39.14",
"product": {
"name": "Open Source MediaWiki 1.39.14",
"product_id": "T047373-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.39.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.43.4",
"product": {
"name": "Open Source MediaWiki \u003c1.43.4",
"product_id": "T047374"
}
},
{
"category": "product_version",
"name": "1.43.4",
"product": {
"name": "Open Source MediaWiki 1.43.4",
"product_id": "T047374-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.43.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.44.1",
"product": {
"name": "Open Source MediaWiki \u003c1.44.1",
"product_id": "T047375"
}
},
{
"category": "product_version",
"name": "1.44.1",
"product": {
"name": "Open Source MediaWiki 1.44.1",
"product_id": "T047375-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.44.1"
}
}
},
{
"category": "product_version",
"name": "WebAuthn extension",
"product": {
"name": "Open Source MediaWiki WebAuthn extension",
"product_id": "T047804",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:webauthn_extension"
}
}
},
{
"category": "product_version",
"name": "PollNY extension",
"product": {
"name": "Open Source MediaWiki PollNY extension",
"product_id": "T047805",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:pollny_extension"
}
}
},
{
"category": "product_version_range",
"name": "Citizen \u003c3.9.0",
"product": {
"name": "Open Source MediaWiki Citizen \u003c3.9.0",
"product_id": "T047806"
}
},
{
"category": "product_version",
"name": "Citizen 3.9.0",
"product": {
"name": "Open Source MediaWiki Citizen 3.9.0",
"product_id": "T047806-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:citizen__3.9.0"
}
}
},
{
"category": "product_version",
"name": "QuizGame extension",
"product": {
"name": "Open Source MediaWiki QuizGame extension",
"product_id": "T047807",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:quizgame_extension"
}
}
},
{
"category": "product_version",
"name": "Cargo extension",
"product": {
"name": "Open Source MediaWiki Cargo extension",
"product_id": "T047808",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version_range",
"name": "AdvancedSearch Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki AdvancedSearch Extension \u003c1.39",
"product_id": "T047809"
}
},
{
"category": "product_version",
"name": "AdvancedSearch Extension 1.39",
"product": {
"name": "Open Source MediaWiki AdvancedSearch Extension 1.39",
"product_id": "T047809-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:advancedsearch_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "UploadWizard Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki UploadWizard Extension \u003c1.39",
"product_id": "T047810"
}
},
{
"category": "product_version",
"name": "UploadWizard Extension 1.39",
"product": {
"name": "Open Source MediaWiki UploadWizard Extension 1.39",
"product_id": "T047810-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:uploadwizard_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "ImageRating Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki ImageRating Extension \u003c1.39",
"product_id": "T047811"
}
},
{
"category": "product_version",
"name": "ImageRating Extension 1.39",
"product": {
"name": "Open Source MediaWiki ImageRating Extension 1.39",
"product_id": "T047811-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:imagerating_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "Skin:BlueSky Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki Skin:BlueSky Extension \u003c1.39",
"product_id": "T047812"
}
},
{
"category": "product_version",
"name": "Skin:BlueSky Extension 1.39",
"product": {
"name": "Open Source MediaWiki Skin:BlueSky Extension 1.39",
"product_id": "T047812-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:skinbluesky_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "CirrusSearch Extension \u003c1.43",
"product": {
"name": "Open Source MediaWiki CirrusSearch Extension \u003c1.43",
"product_id": "T047814"
}
},
{
"category": "product_version",
"name": "CirrusSearch Extension 1.43",
"product": {
"name": "Open Source MediaWiki CirrusSearch Extension 1.43",
"product_id": "T047814-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cirrussearch_extension__1.43"
}
}
},
{
"category": "product_version_range",
"name": "GrowthExperiments Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension \u003c1.39",
"product_id": "T047815"
}
},
{
"category": "product_version",
"name": "GrowthExperiments Extension 1.39",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension 1.39",
"product_id": "T047815-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:growthexperiments_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "CentralAuth Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension \u003c1.39",
"product_id": "T047817"
}
},
{
"category": "product_version",
"name": "CentralAuth Extension 1.39",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension 1.39",
"product_id": "T047817-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:centralauth_extension__1.39"
}
}
},
{
"category": "product_version",
"name": "Cargo Extension",
"product": {
"name": "Open Source MediaWiki Cargo Extension",
"product_id": "T047819",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version",
"name": "SecurePoll Extension",
"product": {
"name": "Open Source MediaWiki SecurePoll Extension",
"product_id": "T047820",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:securepoll_extension"
}
}
},
{
"category": "product_version",
"name": "FlexDiagrams Extension",
"product": {
"name": "Open Source MediaWiki FlexDiagrams Extension",
"product_id": "T047821",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:flexdiagrams_extension"
}
}
}
],
"category": "product_name",
"name": "MediaWiki"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11937",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-11937"
},
{
"cve": "CVE-2025-62508",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62508"
},
{
"cve": "CVE-2025-62652",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62652"
},
{
"cve": "CVE-2025-62653",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62653"
},
{
"cve": "CVE-2025-62654",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62654"
},
{
"cve": "CVE-2025-62655",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62655"
},
{
"cve": "CVE-2025-62662",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62662"
},
{
"cve": "CVE-2025-62663",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62663"
},
{
"cve": "CVE-2025-62664",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62664"
},
{
"cve": "CVE-2025-62665",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62665"
},
{
"cve": "CVE-2025-62666",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62666"
},
{
"cve": "CVE-2025-62667",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62667"
},
{
"cve": "CVE-2025-62668",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62668"
},
{
"cve": "CVE-2025-62669",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62669"
},
{
"cve": "CVE-2025-62670",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62670"
},
{
"cve": "CVE-2025-62671",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62671"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…