Search for packages
| purl | pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1 |
| Next non-vulnerable version | 1:1.43.8+dfsg-2 |
| Latest non-vulnerable version | 1:1.43.8+dfsg-2 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7831-8u7z-6fep
Aliases: CVE-2025-32697 |
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1. |
Affected by 9 other vulnerabilities. |
|
VCID-cbtm-g4t5-u3am
Aliases: CVE-2026-34093 |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
|
VCID-d5vz-puw9-t7er
Aliases: CVE-2026-34088 |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
|
VCID-kw32-af5a-hqg8
Aliases: CVE-2026-34095 |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
|
VCID-wktm-ya6k-v7dv
Aliases: CVE-2026-34086 |
Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
|
VCID-x8t7-agtn-zudu
Aliases: CVE-2026-34087 |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
|
VCID-zmax-894d-5kfd
Aliases: CVE-2026-34092 |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2wcb-hty6-uyez | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43. |
CVE-2025-32072
|
| VCID-3zue-5ccg-23hs | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. |
CVE-2025-67480
|
| VCID-4yhr-jjt9-afaq | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-61641
|
| VCID-5myd-ngfx-5qhb | mediawiki: group-.*-member messages are not properly escaped on Special:log/rights |
CVE-2023-51704
|
| VCID-74ej-8sna-jyek | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. |
CVE-2025-32698
|
| VCID-7wh4-say2-pqap | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-61656
|
| VCID-8uw8-ja3w-r3da | MediaWiki: MediaWiki: Cross-site Scripting (XSS) vulnerability |
CVE-2025-11261
|
| VCID-95d1-mkm6-r3cq | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0. |
CVE-2025-6591
|
| VCID-a8nh-mvhd-bka7 | MediaWiki: MediaWiki: Vulnerability in authentication management |
CVE-2025-6597
|
| VCID-b5ke-cjtq-q3ev | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0. |
CVE-2025-6595
|
| VCID-cbtm-g4t5-u3am |
CVE-2026-34093
|
|
| VCID-d5vz-puw9-t7er |
CVE-2026-34088
|
|
| VCID-den1-257q-euc9 | Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-61653
|
| VCID-e8np-4nbw-t3b3 | Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-11173
|
| VCID-fptt-2t1j-8fec | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-61639
|
| VCID-h3d2-nr9e-nqbk | Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. |
CVE-2025-6926
|
| VCID-h789-pcxv-kbgd | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0. |
CVE-2025-6590
|
| VCID-k7qb-7hbj-1qc2 | MediaWiki: MediaWiki: Cross-site Scripting vulnerability via improper input neutralization |
CVE-2025-6594
|
| VCID-kw32-af5a-hqg8 |
CVE-2026-34095
|
|
| VCID-m1xy-yucr-dqfs | Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit: *. |
CVE-2025-61635
|
| VCID-m7uw-sa5j-u3bw | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. |
CVE-2025-67481
|
| VCID-mbs4-gs37-1fh5 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-61646
|
| VCID-pm3s-z5ap-qqay | MediaWiki: MediaWiki: Arbitrary code execution via Cross-site Scripting (XSS) |
CVE-2025-61640
|
| VCID-pwjk-pzpj-aff6 | Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. |
CVE-2025-32699
|
| VCID-qpgu-mg6m-vyef | Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a. |
CVE-2025-67482
|
| VCID-sr9a-a6vt-1qgt | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1. |
CVE-2025-61638
|
| VCID-tutk-y8jg-n7dh | Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-67478
|
| VCID-v3dp-7stt-tygf | MediaWiki: MediaWiki: Cross-site Scripting vulnerability due to improper input neutralization |
CVE-2025-67475
|
| VCID-vjd5-jv5h-yfhw | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-61655
|
| VCID-w51y-hprj-buap | Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. |
CVE-2025-32696
|
| VCID-wraf-59ce-u3br | MediaWiki: MediaWiki: Vulnerability in parsing and sanitization |
CVE-2025-67479
|
| VCID-x8t7-agtn-zudu |
CVE-2026-34087
|
|
| VCID-xtd9-wbd9-67ew | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0. |
CVE-2025-6593
|
| VCID-z3qw-4ejj-uffj | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. |
CVE-2025-3469
|
| VCID-z8qp-v64u-tuh8 | MediaWiki: MediaWiki: Vulnerability in ApiFormatXml.Php requiring high privileges |
CVE-2025-67484
|
| VCID-zmax-894d-5kfd |
CVE-2026-34092
|
|
| VCID-ztxx-cc2c-87at | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. |
CVE-2025-61643
|