CVE-2026-30917

UNKNOWN 0.0

Stored XSS on Bucket namespace pages

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed in 2.1.1.

CWE	CWE-79
Vendor	weirdgloop
Product	mediawiki-extensions-bucket
Published	Mar 9, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for weirdgloop mediawiki-extensions-bucket

Be the first to know when new unknown vulnerabilities affecting weirdgloop mediawiki-extensions-bucket are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

weirdgloop / mediawiki-extensions-Bucket

< 2.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/weirdgloop/mediawiki-extensions-Bucket/security/advisories/GHSA-8jrp-37wc-5v7c github.com: https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/46ec08876ba9064987f20e8f42690854202a73ff github.com: https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/cba9cf9c8751e9f3e6d559f44cadc39b84f7bff6