VYPR

Mediawiki Extensions Approvedrevs

by Wikimedia Foundation

Source repositories

CVEs (2)

  • CVE-2025-53487MedJul 7, 2025
    risk 0.35cvss 5.4epss 0.00

    The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes…

  • CVE-2026-22712Jan 9, 2026
    risk 0.00cvss epss 0.00

    Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39.