CNNVD-202602-181 Information

Feb 03, 2026 cve

CNNVD ID

CNNVD-202602-181

CVE-2025-61642

CNNVD Published: 2026-02-03

Description (Chinese)

MediaWiki是美国维基媒体（Wikimedia）基金会的一套自由免费的基于网络的Wiki引擎。该产品可用于部署内部的知识管理和内容管理系统。 MediaWiki 1.39.14之前版本、1.43.4之前版本和1.44.1之前版本存在安全漏洞，该漏洞源于程序文件includes/htmlform/CodexHTMLForm.Php和includes/htmlform/fields/HTMLButtonField.Php存在输入中和不当，可能导致跨站脚本攻击。

Description (English)

MediaWiki is a free, free, web-based Wiki engine for the Wikimedia Foundation in the United States. The product can be used for the deployment of internal knowledge management and content management systems. There is a security loophole in the pre-MediaWiki, pre-1.43.4 and pre-1.44.1 versions, which stems from the includes/htmlform/CodexHTMLForm.Php and includes/htmlform/fields/HTMLButton Field.Php, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

维基媒体

Published

2026-02-03

Last Modified

2026-02-24

References

https://phabricator.wikimedia.org/T402313

Patch

https://phabricator.wikimedia.org/T402313

Share on: