📦

parsoid

Vendor: wikimedia

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.19% Exploit Prob.

Latest CVE CVE-2025-61638 Feb 03

Security Vulnerability Index

Page 1 / 1

0.0 CVSS

CVE-2025-61638

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.

EPSS: 0.01%

Severity: NONE

Feb 03, 2026

6.1 CVSS

CVE-2021-30458

An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.

EPSS: 0.37%

Severity: MEDIUM

Apr 09, 2021

Displaying 2 of 3 Total Entries

Total 1 Sections