Improper input validation in The Wikimedia Foundation Mediawiki - Extension:simplecalendar

CVE-2025-32077

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (24.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References