Nixpkgs security tracker

Login with GitHub

Suggestions search

Dismissed
Filter by:
With package: mediawiki

Found 14 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-6591
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
HTML injection in API action=feedcontributions output from i18n message

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.

Affected products

MediaWiki
  • <1.39.13, 1.42.7 1.43.2, 1.44.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-6927
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Autoblocks from global account suppressions are publicly visible

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.

Affected products

MediaWiki
  • <1.39.13, 1.42.7 1.43.2, 1.44.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-6594
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
XSS in Special:ApiSandbox

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.

Affected products

MediaWiki
  • <1.39.13, 1.42.7 1.43.2, 1.44.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-61643
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
EventStreams publishes suppressed recent change entries that are suppressed from their creation

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-61636
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Codex Special:Block vulnerable to message key XSS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e
Permalink CVE-2025-61637
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Stored XSS through system messages in MW Core

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Current stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)
Permalink CVE-2025-61638
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse ignored
    2 packages
    • nodePackages.parsoid
    • nodePackages_latest.parsoid
    2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Sanitizer::validateAttributes data-XSS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.

Affected products

Parsoid
  • <0.16.6, 0.20.4, 0.21.1
MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Ignored packages (2)

pkgs.nodePackages.parsoid

A bidirectional runtime wikitext parser. Converts back and forth between wikitext and HTML/XML DOM with RDFa.

pkgs.nodePackages_latest.parsoid

A bidirectional runtime wikitext parser. Converts back and forth between wikitext and HTML/XML DOM with RDFa.

Package maintainers

Current stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)
Permalink CVE-2025-6590
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Complete content leak of private wikis due to PasswordReset Wikitext injection in error message

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.

Affected products

MediaWiki
  • =<1.39.12, 1.42.76 1.43.1, 1.44.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)
Permalink CVE-2025-61642
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Stored XSS through system messages provided to CodexHtmlForms

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)
Permalink CVE-2025-61646
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @LeSuisse accepted 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Watchlist group mode reveals authors of edits with hidden authorship

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

Affected products

MediaWiki
  • <1.39.14, 1.43.4, 1.44.1

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers

Stable was never impacted (https://github.com/NixOS/nixpkgs/commit/ebc9ceccc71196b1b32b198377b362dffa3ea30e)