CNNVD-202601-1431 Information

CNNVD ID

CNNVD-202601-1431

Related CVE

CVE-2026-0671

• CNNVD Published: 2026-01-08

Description (Chinese)

MediaWiki - UploadWizard Extension是MediaWiki开源的一个文件上传插件。 MediaWiki - UploadWizard Extension 1.45版本、1.44版本、1.43版本和1.39版本存在安全漏洞，该漏洞源于输入中和不当，可能导致跨站脚本攻击。

Description (English)

MediaWiki - UploadWizard Extension is a file upload plugin for MediaWiki open source. MediaWiki - UploadWizad Extension Version 1.45, 1.44, 1.43 and 1.39 have a security loophole, which originates from inappropriate input and may lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

维基媒体

Published

2026-01-08

Last Modified

2026-02-24

References

https://phabricator.wikimedia.org/T407157 https://gerrit.wikimedia.org/r/q/I16de2211594ea9a686868ad7789f9879bf981fa1 https://access.redhat.com/security/cve/cve-2026-0671

Patch

https://www.mediawiki.org/wiki/Special:ExtensionDistributor/UploadWizard