Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Dismissed
Filter by:
With package: mediawiki

Found 14 matching suggestions

Permalink CVE-2025-6591
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed 2 weeks ago
HTML injection in API action=feedcontributions output from i18n message

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.

Affected products

MediaWiki
  • <1.39.13, 1.42.7 1.43.2, 1.44.0

Matching in nixpkgs

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-6927
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed 2 weeks ago
Autoblocks from global account suppressions are publicly visible

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.

Affected products

MediaWiki
  • <1.39.13, 1.42.7 1.43.2, 1.44.0

Matching in nixpkgs

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-6594
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed 2 weeks ago
XSS in Special:ApiSandbox

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.

Affected products

MediaWiki
  • <1.39.13, 1.42.7 1.43.2, 1.44.0

Matching in nixpkgs

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-61643
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed 2 weeks ago
EventStreams publishes suppressed recent change entries that are suppressed from their creation

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-61636
updated 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed 2 weeks ago
Codex Special:Block vulnerable to message key XSS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-61637
updated 2 weeks, 2 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed 2 weeks, 2 days ago
Stored XSS through system messages in MW Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

Package maintainers

Current stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)
Permalink CVE-2025-61638
updated 2 weeks, 2 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse removed
    2 packages
    • nodePackages.parsoid
    • nodePackages_latest.parsoid
    2 weeks, 2 days ago
  • @LeSuisse dismissed 2 weeks, 2 days ago
Sanitizer::validateAttributes data-XSS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.

Affected products

Parsoid
  • <0.16.6, 0.20.4, 0.21.1
MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

Package maintainers

Current stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)
Permalink CVE-2025-6590
updated 2 weeks, 2 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed 2 weeks, 2 days ago
Complete content leak of private wikis due to PasswordReset Wikitext injection in error message

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.

Affected products

MediaWiki
  • =<1.39.12, 1.42.76 1.43.1, 1.44.0

Matching in nixpkgs

Package maintainers

Stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)
Permalink CVE-2025-61642
updated 2 weeks, 2 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed 2 weeks, 2 days ago
Stored XSS through system messages provided to CodexHtmlForms

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

Package maintainers

Stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)
Permalink CVE-2025-61646
updated 2 weeks, 2 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 4 days ago
  • @LeSuisse accepted 2 weeks, 2 days ago
  • @LeSuisse dismissed 2 weeks, 2 days ago
Watchlist group mode reveals authors of edits with hidden authorship

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

Package maintainers

Stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)