CNNVD-202602-509 Information

CNNVD ID

CNNVD-202602-509

Related CVE

CVE-2025-67475

• CNNVD Published: 2026-02-03

Description (Chinese)

Wikimedia MediaWiki是Wikimedia基金会的一个用于构建Wiki网站的Web应用。 Wikimedia MediaWiki 1.39.16之前版本、1.43.6之前版本、1.44.3之前版本和1.45.1之前版本存在安全漏洞，该漏洞源于includes/CommentFormatter/CommentParser.Php文件对输入中和不当，可能导致跨站脚本攻击。

Description (English)

Wikimedia MediaWiki is a Web application of the Wikimedia Foundation to construct the Wiki website. There is a security loophole in the pre-Wikipedia MediaWiki 1.39.16, pre-1.43.6, pre-1.4.4.3 and pre-1.4.5.1, which stems from includes/CommentFormatter/CommentParser.Php files that are inappropriate for input and may result in cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

维基媒体

Published

2026-02-03

Last Modified

2026-02-24

References

https://phabricator.wikimedia.org/T406664

Patch

https://www.mediawiki.org/wiki/Download