Description

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed in 2.1.1.

INFO

Published Date :

2026-03-09T22:50:20.879Z

Last Modified :

2026-03-10T13:52:52.786Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-30917 vulnerability.

Vendors Products
Weirdgloop
  • Mediawiki-extensions-bucket
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30917.

URL Resource
https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/46ec08876ba9064987f20e8f42690854202a73ff cve-icon cve-icon
https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/cba9cf9c8751e9f3e6d559f44cadc39b84f7bff6 cve-icon cve-icon
https://github.com/weirdgloop/mediawiki-extensions-Bucket/security/advisories/GHSA-8jrp-37wc-5v7c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability