VYPR

Scribunto

by MediaWiki

Source repositories

CVEs (5)

  • CVE-2025-67482LowFeb 3, 2026
    risk 0.11cvss epss 0.00

    Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1;…

  • CVE-2025-53501Jul 3, 2025
    risk 0.00cvss epss 0.00

    Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7,…

  • CVE-2014-9481Jan 27, 2020
    risk 0.00cvss epss 0.01

    The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.

  • CVE-2015-2939Apr 13, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace.

  • CVE-2013-4571May 12, 2014
    risk 0.00cvss epss 0.01

    Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.