Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
MediaWiki Bucket Extension: Malicious Code Can Execute on Article Pages
CVE-2026-30917
Summary
The MediaWiki Bucket extension has a security flaw that allows attackers to insert malicious code into article pages. This code can be executed when someone views the affected article page, potentially harming users. Update to version 2.1.1 to fix this issue.
Original title
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute ...
Original description
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed in 2.1.1.
nvd CVSS4.0
8.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026