Vulnerability Description
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed in 2.1.1.
Related Weaknesses (CWE)
References
- https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/46ec08876ba9064
- https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/cba9cf9c8751e9f
- https://github.com/weirdgloop/mediawiki-extensions-Bucket/security/advisories/GH
FAQ
What is CVE-2026-30917?
CVE-2026-30917 is a documented vulnerability. Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whe...
How severe is CVE-2026-30917?
CVSS scoring is not yet available for CVE-2026-30917. Check NVD for updates.
Is there a patch for CVE-2026-30917?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.