
CVE-2025-32077 – XSSes in Extension:SimpleCalendar
https://notcve.org/view.php?id=CVE-2025-32077
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/Ic5b5ce8f7791026eff1aafffb32a68f3aab119be • CWE-20: Improper Input Validation

CVE-2025-32078 – XSSes and potential RCE in Special:VersionCompare
https://notcve.org/view.php?id=CVE-2025-32078
11 Apr 2025 — Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/If901b3b98e615e1a4f4034d932d2d592000b51d0 • CWE-116: Improper Encoding or Escaping of Output

CVE-2025-32079 – Saving the right content to MediaWiki:GrowthMentors.json can take down the site
https://notcve.org/view.php?id=CVE-2025-32079
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS. This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1114020 • CWE-20: Improper Input Validation

CVE-2025-32080 – Cross-origin data leak in mobilefrontend via lazy load images
https://notcve.org/view.php?id=CVE-2025-32080
11 Apr 2025 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation. This issue affects Mediawiki - Mobile Frontend Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MobileFrontend/+/1123392 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-32076 – Evil regex used to process user-provided data in VisualData
https://notcve.org/view.php?id=CVE-2025-32076
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS. This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualData/+/1121732 • CWE-20: Improper Input Validation

CVE-2025-32072 – HTML injection in feed output from i18n message
https://notcve.org/view.php?id=CVE-2025-32072
11 Apr 2025 — Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection. This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134 • CWE-116: Improper Encoding or Escaping of Output

CVE-2025-32073 – System message XSS in HTMLTags
https://notcve.org/view.php?id=CVE-2025-32073
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS). This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/HTMLTags/+/1121056 • CWE-20: Improper Input Validation

CVE-2025-32074 – XSSes in Extension:ConfirmAccount
https://notcve.org/view.php?id=CVE-2025-32074
11 Apr 2025 — Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/I86f47103ffb78c671890b44ccd59fcff6613975f • CWE-116: Improper Encoding or Escaping of Output

CVE-2025-32075 – IP and user agent leaks in Extension:Tabs
https://notcve.org/view.php?id=CVE-2025-32075
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection. This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/q/I03bec9528ee3ed05f35187458cde4e2fc4b51092 • CWE-20: Improper Input Validation

CVE-2025-32067 – i18n XSS vulnerability in message growthexperiments
https://notcve.org/view.php?id=CVE-2025-32067
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1122163 • CWE-20: Improper Input Validation