Checkuser
Monthly
Cross-site scripting in the Wikimedia Foundation CheckUser extension (versions 1.46.0-rc.0 up to but not including 1.46.0) allows a high-privileged attacker to inject malicious scripts via the blockConnectedTempAccountsField Vue component used in the Temporary Accounts blocking workflow. Exploitation requires both elevated CheckUser-level privileges and active user interaction from another party, materially constraining real-world risk. No public exploit code exists and this CVE is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.
Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 expose sensitive information to unauthorized actors through a flaw in access control, allowing high-privileged users with user interaction to view data they should not access. The vulnerability affects the CheckUser extension used across Wikimedia projects and is confirmed patched in version 1.45.2. EPSS and active exploitation status are not publicly documented, but the low CVSS score (4.8) and requirement for elevated privileges limit real-world impact.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser.
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Cross-site scripting in the Wikimedia Foundation CheckUser extension (versions 1.46.0-rc.0 up to but not including 1.46.0) allows a high-privileged attacker to inject malicious scripts via the blockConnectedTempAccountsField Vue component used in the Temporary Accounts blocking workflow. Exploitation requires both elevated CheckUser-level privileges and active user interaction from another party, materially constraining real-world risk. No public exploit code exists and this CVE is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.
Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 expose sensitive information to unauthorized actors through a flaw in access control, allowing high-privileged users with user interaction to view data they should not access. The vulnerability affects the CheckUser extension used across Wikimedia projects and is confirmed patched in version 1.45.2. EPSS and active exploitation status are not publicly documented, but the low CVSS score (4.8) and requirement for elevated privileges limit real-world impact.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser.
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.