Semantic Mediawiki

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-10354 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Semantic MediaWiki 5.0.2 allows unauthenticated remote attackers to inject malicious JavaScript via the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. A victim visiting an attacker-crafted URL executes arbitrary JavaScript in their browser, enabling session cookie theft or unauthorized actions on behalf of the user. User interaction (clicking the link) is required. No public exploit code or active exploitation has been identified at time of analysis.

XSS PHP Semantic Mediawiki

NVD

CVSS 4.0

5.1

EPSS

0.0%

CVE-2025-10354

EPSS 0% CVSS 5.1

MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Semantic MediaWiki 5.0.2 allows unauthenticated remote attackers to inject malicious JavaScript via the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. A victim visiting an attacker-crafted URL executes arbitrary JavaScript in their browser, enabling session cookie theft or unauthorized actions on behalf of the user. User interaction (clicking the link) is required. No public exploit code or active exploitation has been identified at time of analysis.

XSS PHP Semantic Mediawiki

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy