The Wikimedia Foundation Vendor Vulnerability List / CVE Analysis in Chinese 62

62 CVE vulnerabilities related to the vendor The Wikimedia Foundation, with AI analysis in Chinese, POC, CVSS scores and affected products.

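The Wikimedia Foundation operates free knowledge platforms such as Wikipedia; its core business is hosting the world's largest online encyclopedia and multimedia resources. Its technology stack is based on MediaWiki, and historically common vulnerabilities include cross-site scripting (XSS), remote code execution (RCE) and permission bypass, mostly stemming from complex plugins or configuration flaws. As a non-profit organization, its security incidents often raise public concern about data integrity. As of the latest count, this entity is associated with 62 CVEs, reflecting the ongoing challenges that large-scale collaborative systems face in maintaining code security and responding to automated attacks.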

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39936 | Stored XSS in Score due to usage of non-reserved data attributes — Mediawiki - Score Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39935 | XSS-via-i18n in localised wiki names — Mediawiki - CampaignEvents Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39934 | Growth Experiments ReassignMenteesJob runs as an infinite loop — Mediawiki - GrowthExperiments Extension (CWE-835) | 5.9 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39933 | Multiple XSS vulnerabilities in GlobalWatchlist — Mediawiki - GlobalWatchlist Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39937 | Global vanishing does not completely remove user email — Mediawiki - CentralAuth Extension (CWE-212) | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-22711 | Stored XSS through system messages in WikiLove — Mediawiki - Wikilove Extension (CWE-87) | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2025-11175 | DiscussionTools should use better regex — Mediawiki - DiscussionTools Extension (CWE-917) | 7.5 (AI) | High (AI) | 2026-01-30 |
| CVE-2026-22712 | ApprovedRevs allows bypassing the inline CSS sanitizer — Mediawiki - ApprovedRevs Extension (CWE-116) | 9.1 | - | 2026-01-09 |
| CVE-2026-22713 | Stored XSS through edit summaries in GrowthExperiments — Mediawiki - GrowthExperiments Extension (CWE-79) | 6.1 | - | 2026-01-09 |
| CVE-2026-22714 | i18n XSS, DoS and config SQLI in Monaco — Mediawiki - Monaco Skin (CWE-79) | 6.1 | - | 2026-01-08 |
| CVE-2026-22710 | Stored XSS through autocomment system messages in Wikibase — Mediawiki - Wikibase Extension (CWE-79) | 6.1 | - | 2026-01-08 |
| CVE-2025-62659 | The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors — MediaWiki CookieConsent extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-10-22 |
| CVE-2025-62661 | Do permission checking when getting counts of global and local edits, new articles and thanks — Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension (CWE-276) | 7.5 (AI) | High (AI) | 2025-10-21 |
| CVE-2025-12004 | The compare API module breaks Extension:Lockdown — Mediawiki - Lockdown Extension (CWE-732) | 8.8 (AI) | High (AI) | 2025-10-21 |
| CVE-2025-62701 | Stored XSS through system messages — Mediawiki - Wikistories (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62702 | Stored XSS through system messages — Mediawiki - PageTriage Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62694 | Stored XSS through a system message — Mediawiki - WikiLove Extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62695 | Stored XSS through system messages — Mediawiki - WikiLambda Extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62696 | Multiple critical security issues in Springboard — Mediawiki Foundation - Springboard Extension (CWE-77) | 9.8 (AI) | Critical (AI) | 2025-10-21 |
| CVE-2025-62699 | Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool — Mediawiki - Translate Extension (CWE-200) | 6.5 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62658 | SQL injection in WatchAnalytics through Special:ClearPendingReviews — MediaWiki WatchAnalytics extension (CWE-89) | 9.8 (AI) | Critical (AI) | 2025-10-20 |
| CVE-2025-62657 | Stored XSS through system messages in PageForms — MediaWiki PageForms extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-62656 | GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS — MediaWiki GlobalBlocking extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-62697 | Improperly sanitized style parameter in LanguageSelector — Mediawiki - LanguageSelector Extension (CWE-74) | 9.8 (AI) | Critical (AI) | 2025-10-20 |
| CVE-2025-62698 | Stored XSS through system messages in ExternalGuidance — Mediawiki - ExternalGuidance (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-62700 | Stored XSS through a system message in MultiBoilerplate — Mediawiki - MultiBoilerplate Extensionmaste (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-62693 | Stored XSS through system messages in LastModified — Mediawiki - LastModified Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-11937 | Stored XSS through a system message in SecurePoll — Mediawiki - SecurePoll Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-10-18 |
| CVE-2025-62666 | DoS vector through the cirrusbuilddoc query API — Mediawiki - CirrusSearch Extension (CWE-770) | 7.5 (AI) | High (AI) | 2025-10-18 |
| CVE-2025-62667 | Stored XSS through article extracts in GrowthExperiments — Mediawiki - GrowthExperiments Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-10-18 |

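This page summarizes all 62 CVE vulnerabilities publicly disclosed to date for the vendor The Wikimedia Foundation. Each vulnerability includes a CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated analysis in Chinese to help assess risk quickly.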