PatchSiren

Semantic MediaWiki CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Semantic MediaWiki CVE published 2026-04-21

CVE-2025-10354

A reflected Cross-Site Scripting (XSS) vulnerability exists in Semantic MediaWiki, specifically affecting the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability allows an attacker to execute arbitrary JavaScript code in a victim's browser by tricking them into visiting a maliciously crafted URL. Successful exploitation could enable session cookie theft or unauthorized actions [truncated]