
CVE-2025-32699 – Potential JavaScript injection attack enabled by Unicode normalization in Action API
https://notcve.org/view.php?id=CVE-2025-32699
10 Apr 2025 — Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T387130 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-30458 – Gentoo Linux Security Advisory 202107-40
https://notcve.org/view.php?id=CVE-2021-30458
09 Apr 2021 — An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. • https://phabricator.wikimedia.org/T279451 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')