{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T14:31:53.679","vulnerabilities":[{"cve":{"id":"CVE-2026-30917","sourceIdentifier":"security-advisories@github.com","published":"2026-03-10T17:40:15.517","lastModified":"2026-04-16T14:45:19.723","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed in 2.1.1."},{"lang":"es","value":"Bucket es una extensión de MediaWiki para almacenar y recuperar datos estructurados en artículos. Antes de 2.1.1, un XSS almacenado puede insertarse en cualquier campo de tabla de Bucket que tenga un tipo PAGE, el cual se ejecutará cada vez que un usuario vea la página de espacio de nombres de Bucket correspondiente a esa tabla. Esta vulnerabilidad está corregida en 2.1.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/46ec08876ba9064987f20e8f42690854202a73ff","source":"security-advisories@github.com"},{"url":"https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/cba9cf9c8751e9f3e6d559f44cadc39b84f7bff6","source":"security-advisories@github.com"},{"url":"https://github.com/weirdgloop/mediawiki-extensions-Bucket/security/advisories/GHSA-8jrp-37wc-5v7c","source":"security-advisories@github.com"}]}}]}