本頁列出影響 mediawiki visual_editor 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-61656 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.15% | 2026-02-02 | 2026-06-17 |
| CVE-2025-61655 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.14% | 2026-02-02 | 2026-06-17 |
| CVE-2019-19708 | The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. | [email protected] | 6.1 | 0.72% | 2019-12-10 | 2026-06-16 |