{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "MediaWiki ist ein freies Wiki, das ursprünglich für den Einsatz auf Wikipedia entwickelt wurde.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in MediaWiki Extensions ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1043 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1043.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1043 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1043" }, { "category" : "external", "summary" : "MediaWiki Extensions and Skins Security Release Supplement (1.43.7/1.44.4/1.45.2) vom 2026-04-09", "url" : "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/VXEYKT6FNA5NYFPAYU67SNTNBXLTQ4FN/" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19851 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19851" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19889 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19889" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19891 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19891" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19897 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19897" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19927 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19927" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19929 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19929" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-8m8x-w498-p4wx vom 2026-04-09", "url" : "https://github.com/advisories/GHSA-8m8x-w498-p4wx" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19931 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19931" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19976 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19976" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19978 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19978" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19980 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19980" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19982 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19982" }, { "category" : "external", "summary" : "EU Vulnerability Database EUVD-2026-19984 vom 2026-04-09", "url" : "https://euvd.enisa.europa.eu/enisa/EUVD-2026-19984" } ], "source_lang" : "en-US", "title" : "MediaWiki Erweiterungen: Mehrere Schwachstellen ermöglichen Cross-Site Scripting", "tracking" : { "current_release_date" : "2026-04-09T22:00:00.000+00:00", "generator" : { "date" : "2026-04-10T09:09:08.024+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-1043", "initial_release_date" : "2026-04-09T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-04-09T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<1.43.7", "product" : { "name" : "Open Source MediaWiki <1.43.7", "product_id" : "T052630" } }, { "category" : "product_version", "name" : "1.43.7", "product" : { "name" : "Open Source MediaWiki 1.43.7", "product_id" : "T052630-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:1.43.7" } } }, { "category" : "product_version_range", "name" : "<1.44.4", "product" : { "name" : "Open Source MediaWiki <1.44.4", "product_id" : "T052631" } }, { "category" : "product_version", "name" : "1.44.4", "product" : { "name" : "Open Source MediaWiki 1.44.4", "product_id" : "T052631-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:1.44.4" } } }, { "category" : "product_version_range", "name" : "<1.45.2", "product" : { "name" : "Open Source MediaWiki <1.45.2", "product_id" : "T052632" } }, { "category" : "product_version", "name" : "1.45.2", "product" : { "name" : "Open Source MediaWiki 1.45.2", "product_id" : "T052632-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:1.45.2" } } }, { "category" : "product_version", "name" : "Wikilove Extension", "product" : { "name" : "Open Source MediaWiki Wikilove Extension", "product_id" : "T052633", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:wikilove_extension" } } }, { "category" : "product_version", "name" : "ProofreadPage Extension", "product" : { "name" : "Open Source MediaWiki ProofreadPage Extension", "product_id" : "T052634", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:proofreadpage_extension" } } }, { "category" : "product_version", "name" : "Cargo Extension", "product" : { "name" : "Open Source MediaWiki Cargo Extension", "product_id" : "T052635", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:cargo_extension" } } }, { "category" : "product_version", "name" : "ReportIncident Extension", "product" : { "name" : "Open Source MediaWiki ReportIncident Extension", "product_id" : "T052636", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:reportincident__extension" } } }, { "category" : "product_version", "name" : "GrowthExperiments Extension", "product" : { "name" : "Open Source MediaWiki GrowthExperiments Extension", "product_id" : "T052638", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:growthexperiments_extension" } } }, { "category" : "product_version", "name" : "CampaignEvents Extension", "product" : { "name" : "Open Source MediaWiki CampaignEvents Extension", "product_id" : "T052639", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:campaignevents_extension" } } }, { "category" : "product_version", "name" : "Score Extension", "product" : { "name" : "Open Source MediaWiki Score Extension", "product_id" : "T052641", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:score_extension" } } }, { "category" : "product_version", "name" : "CentralAuth Extension", "product" : { "name" : "Open Source MediaWiki CentralAuth Extension", "product_id" : "T052642", "product_identification_helper" : { "cpe" : "cpe:/a:mediawiki:mediawiki:centralauth__extension" } } } ], "category" : "product_name", "name" : "MediaWiki" } ], "category" : "vendor", "name" : "Open Source" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-22711", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-22711" }, { "cve" : "CVE-2026-30977", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-30977" }, { "cve" : "CVE-2026-39837", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39837" }, { "cve" : "CVE-2026-39838", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39838" }, { "cve" : "CVE-2026-39839", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39839" }, { "cve" : "CVE-2026-39840", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39840" }, { "cve" : "CVE-2026-39841", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39841" }, { "cve" : "CVE-2026-39933", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39933" }, { "cve" : "CVE-2026-39934", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39934" }, { "cve" : "CVE-2026-39935", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39935" }, { "cve" : "CVE-2026-39936", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39936" }, { "cve" : "CVE-2026-39937", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-39937" }, { "cve" : "CVE-2026-5762", "product_status" : { "known_affected" : [ "T052638", "T052639", "T052636", "T052634", "T052635", "T052632", "T052633", "T052641", "T052630", "T052642", "T052631" ] }, "release_date" : "2026-04-09T22:00:00.000+00:00", "title" : "CVE-2026-5762" } ] }