Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-5762 (GCVE-0-2026-5762)
Vulnerability from cvelistv5 – Published: 2026-04-07 18:42 – Updated: 2026-04-08 19:12
VLAI
EPSS
Title
ReportIncident DiscussionTools integration causes slow requests
Summary
Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.
This issue was remediated only on the `master` branch.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of resources without limits or throttling
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wikimedia Foundation | MediaWiki - ReportIncident Extension |
Affected:
0 , < 1.43
(custom)
Affected: 1.43 Affected: 1.44 Affected: 1.45 |
Credits
Dreamy_Jazz
STran
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5762",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T20:34:37.836813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T20:42:43.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaWiki - ReportIncident Extension",
"vendor": "Wikimedia Foundation",
"versions": [
{
"lessThan": "1.43",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.43"
},
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dreamy_Jazz"
},
{
"lang": "en",
"type": "finder",
"value": "STran"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.\u003cdiv\u003e\u003cbr\u003e\u003cp\u003eThis issue was remediated only on the `master` branch.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.\nThis issue was remediated only on the `master` branch."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of resources without limits or throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T19:12:52.328Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://phabricator.wikimedia.org/T414582"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ReportIncident/+/1226884"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ReportIncident DiscussionTools integration causes slow requests",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2026-5762",
"datePublished": "2026-04-07T18:42:35.336Z",
"dateReserved": "2026-04-07T18:21:15.769Z",
"dateUpdated": "2026-04-08T19:12:52.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-5762",
"date": "2026-06-17",
"epss": "0.00256",
"percentile": "0.1675"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-5762\",\"sourceIdentifier\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"published\":\"2026-04-07T19:16:48.347\",\"lastModified\":\"2026-04-08T21:27:00.663\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.\\nThis issue was remediated only on the `master` branch.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ReportIncident/+/1226884\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"},{\"url\":\"https://phabricator.wikimedia.org/T414582\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-5762\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-07T20:34:37.836813Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-07T20:40:23.853Z\"}}], \"cna\": {\"title\": \"ReportIncident DiscussionTools integration causes slow requests\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Dreamy_Jazz\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"STran\"}], \"impacts\": [{\"capecId\": \"CAPEC-469\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-469 HTTP DoS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Wikimedia Foundation\", \"product\": \"MediaWiki - ReportIncident Extension\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.43\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.43\"}, {\"status\": \"affected\", \"version\": \"1.44\"}, {\"status\": \"affected\", \"version\": \"1.45\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://phabricator.wikimedia.org/T414582\"}, {\"url\": \"https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ReportIncident/+/1226884\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.\\nThis issue was remediated only on the `master` branch.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.\u003cdiv\u003e\u003cbr\u003e\u003cp\u003eThis issue was remediated only on the `master` branch.\u003c/p\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of resources without limits or throttling\"}]}], \"providerMetadata\": {\"orgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"shortName\": \"wikimedia-foundation\", \"dateUpdated\": \"2026-04-08T19:12:52.328Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-5762\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-08T19:12:52.328Z\", \"dateReserved\": \"2026-04-07T18:21:15.769Z\", \"assignerOrgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"datePublished\": \"2026-04-07T18:42:35.336Z\", \"assignerShortName\": \"wikimedia-foundation\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-5762
Vulnerability from fkie_nvd - Published: 2026-04-07 19:16 - Updated: 2026-06-17 10:59
Severity
Summary
Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.
This issue was remediated only on the `master` branch.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "MediaWiki - ReportIncident Extension",
"vendor": "Wikimedia Foundation",
"versions": [
{
"lessThan": "1.43",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.43"
},
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.45"
}
]
}
],
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.\nThis issue was remediated only on the `master` branch."
}
],
"id": "CVE-2026-5762",
"lastModified": "2026-06-17T10:59:36.780",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-5762",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T20:34:37.836813Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-07T19:16:48.347",
"references": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ReportIncident/+/1226884"
},
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://phabricator.wikimedia.org/T414582"
}
],
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
]
}
GHSA-GRMR-HPR9-GWW7
Vulnerability from github – Published: 2026-04-07 21:32 – Updated: 2026-04-08 21:33
VLAI
Details
Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.This issue affects MediaWiki - ReportIncident Extension: 1.43.7, 1.44.4, 1.45.2.
Severity
{
"affected": [],
"aliases": [
"CVE-2026-5762"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-07T19:16:48Z",
"severity": "MODERATE"
},
"details": "Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS.This issue affects MediaWiki - ReportIncident Extension: 1.43.7, 1.44.4, 1.45.2.",
"id": "GHSA-grmr-hpr9-gww7",
"modified": "2026-04-08T21:33:21Z",
"published": "2026-04-07T21:32:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5762"
},
{
"type": "WEB",
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ReportIncident/+/1226884"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T411394"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T414582"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
WID-SEC-W-2026-1043
Vulnerability from csaf_certbund - Published: 2026-04-09 22:00 - Updated: 2026-04-09 22:00Summary
MediaWiki Erweiterungen: Mehrere Schwachstellen ermöglichen Cross-Site Scripting
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MediaWiki ist ein freies Wiki, das ursprünglich für den Einsatz auf Wikipedia entwickelt wurde.
Angriff: Ein Angreifer kann mehrere Schwachstellen in MediaWiki Extensions ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki GrowthExperiments Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:growthexperiments_extension
|
GrowthExperiments Extension | |
|
Open Source MediaWiki CampaignEvents Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:campaignevents_extension
|
CampaignEvents Extension | |
|
Open Source MediaWiki ReportIncident Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:reportincident__extension
|
ReportIncident Extension | |
|
Open Source MediaWiki ProofreadPage Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:proofreadpage_extension
|
ProofreadPage Extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki <1.45.2
Open Source / MediaWiki
|
<1.45.2 | ||
|
Open Source MediaWiki Wikilove Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:wikilove_extension
|
Wikilove Extension | |
|
Open Source MediaWiki Score Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:score_extension
|
Score Extension | |
|
Open Source MediaWiki <1.43.7
Open Source / MediaWiki
|
<1.43.7 | ||
|
Open Source MediaWiki CentralAuth Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:centralauth__extension
|
CentralAuth Extension | |
|
Open Source MediaWiki <1.44.4
Open Source / MediaWiki
|
<1.44.4 |
References
16 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MediaWiki ist ein freies Wiki, das urspr\u00fcnglich f\u00fcr den Einsatz auf Wikipedia entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in MediaWiki Extensions ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1043 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1043.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1043 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1043"
},
{
"category": "external",
"summary": "MediaWiki Extensions and Skins Security Release Supplement (1.43.7/1.44.4/1.45.2) vom 2026-04-09",
"url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/VXEYKT6FNA5NYFPAYU67SNTNBXLTQ4FN/"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19851 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19851"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19889 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19889"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19891 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19891"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19897 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19897"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19927 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19927"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19929 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19929"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8m8x-w498-p4wx vom 2026-04-09",
"url": "https://github.com/advisories/GHSA-8m8x-w498-p4wx"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19931 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19931"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19976 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19976"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19978 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19978"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19980 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19980"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19982 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19982"
},
{
"category": "external",
"summary": "EU Vulnerability Database EUVD-2026-19984 vom 2026-04-09",
"url": "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19984"
}
],
"source_lang": "en-US",
"title": "MediaWiki Erweiterungen: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
"tracking": {
"current_release_date": "2026-04-09T22:00:00.000+00:00",
"generator": {
"date": "2026-04-10T09:09:08.024+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1043",
"initial_release_date": "2026-04-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.43.7",
"product": {
"name": "Open Source MediaWiki \u003c1.43.7",
"product_id": "T052630"
}
},
{
"category": "product_version",
"name": "1.43.7",
"product": {
"name": "Open Source MediaWiki 1.43.7",
"product_id": "T052630-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.43.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.44.4",
"product": {
"name": "Open Source MediaWiki \u003c1.44.4",
"product_id": "T052631"
}
},
{
"category": "product_version",
"name": "1.44.4",
"product": {
"name": "Open Source MediaWiki 1.44.4",
"product_id": "T052631-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.44.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.45.2",
"product": {
"name": "Open Source MediaWiki \u003c1.45.2",
"product_id": "T052632"
}
},
{
"category": "product_version",
"name": "1.45.2",
"product": {
"name": "Open Source MediaWiki 1.45.2",
"product_id": "T052632-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.45.2"
}
}
},
{
"category": "product_version",
"name": "Wikilove Extension",
"product": {
"name": "Open Source MediaWiki Wikilove Extension",
"product_id": "T052633",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:wikilove_extension"
}
}
},
{
"category": "product_version",
"name": "ProofreadPage Extension",
"product": {
"name": "Open Source MediaWiki ProofreadPage Extension",
"product_id": "T052634",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:proofreadpage_extension"
}
}
},
{
"category": "product_version",
"name": "Cargo Extension",
"product": {
"name": "Open Source MediaWiki Cargo Extension",
"product_id": "T052635",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version",
"name": "ReportIncident Extension",
"product": {
"name": "Open Source MediaWiki ReportIncident Extension",
"product_id": "T052636",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:reportincident__extension"
}
}
},
{
"category": "product_version",
"name": "GrowthExperiments Extension",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension",
"product_id": "T052638",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:growthexperiments_extension"
}
}
},
{
"category": "product_version",
"name": "CampaignEvents Extension",
"product": {
"name": "Open Source MediaWiki CampaignEvents Extension",
"product_id": "T052639",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:campaignevents_extension"
}
}
},
{
"category": "product_version",
"name": "Score Extension",
"product": {
"name": "Open Source MediaWiki Score Extension",
"product_id": "T052641",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:score_extension"
}
}
},
{
"category": "product_version",
"name": "CentralAuth Extension",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension",
"product_id": "T052642",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:centralauth__extension"
}
}
}
],
"category": "product_name",
"name": "MediaWiki"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22711",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-22711"
},
{
"cve": "CVE-2026-30977",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-30977"
},
{
"cve": "CVE-2026-39837",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39837"
},
{
"cve": "CVE-2026-39838",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39838"
},
{
"cve": "CVE-2026-39839",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39839"
},
{
"cve": "CVE-2026-39840",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39840"
},
{
"cve": "CVE-2026-39841",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39841"
},
{
"cve": "CVE-2026-39933",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39933"
},
{
"cve": "CVE-2026-39934",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39934"
},
{
"cve": "CVE-2026-39935",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39935"
},
{
"cve": "CVE-2026-39936",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39936"
},
{
"cve": "CVE-2026-39937",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-39937"
},
{
"cve": "CVE-2026-5762",
"product_status": {
"known_affected": [
"T052638",
"T052639",
"T052636",
"T052634",
"T052635",
"T052632",
"T052633",
"T052641",
"T052630",
"T052642",
"T052631"
]
},
"release_date": "2026-04-09T22:00:00.000+00:00",
"title": "CVE-2026-5762"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…