Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-61638
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse ignored
    2 packages
    • nodePackages.parsoid
    • nodePackages_latest.parsoid
    2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Sanitizer::validateAttributes data-XSS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.

Affected products

Parsoid
  • <0.16.6, 0.20.4, 0.21.1
MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Ignored packages (2)

pkgs.nodePackages.parsoid

A bidirectional runtime wikitext parser. Converts back and forth between wikitext and HTML/XML DOM with RDFa.

pkgs.nodePackages_latest.parsoid

A bidirectional runtime wikitext parser. Converts back and forth between wikitext and HTML/XML DOM with RDFa.

Package maintainers

Current stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)