Security Vulnerabilities
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM) attacker can intercept or redirect the NAT tunnel establishment. This could allow an attacker to disrupt service availability or facilitate further targeted attacks by acting as a proxy between the user and the device services.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-03
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-02-03
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-03
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js.
This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-03
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-03
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js.
This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-03
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php.
This issue affects CheckUser: from * before 1.43.4, 1.44.1.
CVSS Score
1.3
EPSS Score
0.001
Published
2026-02-03
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-03
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php.
This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
CVSS Score
1.3
EPSS Score
0.0
Published
2026-02-03
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.
This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-03