CVE-2026-30917— Stored XSS on Bucket namespace pages

Stored XSS on Bucket namespace pages

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed in 2.1.1.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Bucket 跨站脚本漏洞

Bucket是Weird Gloop开源的一个MediaWiki的结构化数据存储扩展。 Bucket 2.1.1之前版本存在跨站脚本漏洞，该漏洞源于PAGE类型字段存在存储型跨站脚本，可能导致用户查看页面时执行恶意脚本。

N/A

N/A