5.6 CVSS

CVE-2025-53489

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

EPSS: 0.40%

Severity: MEDIUM

Jul 03, 2025

5.6 CVSS

CVE-2025-53490

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - CampaignEvents Extension: from 1.43.X before 1.43.2.

EPSS: 0.40%

Severity: MEDIUM

Jul 03, 2025

6.5 CVSS

CVE-2025-53494

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension allows Stored XSS.This issue affects Mediawiki - TwoColConflict Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

EPSS: 0.37%

Severity: MEDIUM

Jul 02, 2025

6.5 CVSS

CVE-2025-53493

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43.2.

EPSS: 0.41%

Severity: MEDIUM

Jul 02, 2025

3.7 CVSS

CVE-2025-53492

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43.2.

EPSS: 0.29%

Severity: LOW

Jul 02, 2025

5.3 CVSS

CVE-2024-47913

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.

EPSS: 0.69%

Severity: MEDIUM

Oct 04, 2024

4.8 CVSS

CVE-2024-40605

An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

EPSS: 0.10%

Severity: MEDIUM

Jul 07, 2024

4.8 CVSS

CVE-2024-40604

An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries.

EPSS: 0.10%

Severity: MEDIUM

Jul 07, 2024

4.3 CVSS

CVE-2024-40603

An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.

EPSS: 0.06%

Severity: MEDIUM

Jul 07, 2024

4.8 CVSS

CVE-2024-40602

An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.

EPSS: 0.13%

Severity: MEDIUM

Jul 07, 2024

mediawiki

Security Vulnerability Index