Improper input validation in The Wikimedia Foundation Mediawiki - Extension:simplecalendar
CVE-2025-32077
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.003 (24.7th percentile) — read the EPSS interpretation.
Affected products
- The Wikimedia Foundation Mediawiki - Extension:simplecalendar — versions 1.39