Cross-Site Scripting Vulnerability in Semantic MediaWiki
CVE-2025-10354

5.1MEDIUM

Key Information:

Vendor: Semantic Mediawiki
Status: Semantic Mediawiki
Vendor: CVE Published:; 21 April 2026

🔔 Create Semantic Mediawiki Vulnerability Alert

What is CVE-2025-10354?

A Cross-Site Scripting (XSS) vulnerability exists in Semantic MediaWiki, enabling attackers to execute arbitrary JavaScript in the browsers of unsuspecting users. By crafting a malicious URL that targets the '/index.php/Speciaal:GefacetteerdZoeken' endpoint, threat actors can potentially steal sensitive user information, including session cookies, or manipulate actions on behalf of the user. It is essential to implement security patches to safeguard against these types of exploits.

Affected Version(s)

Semantic MediaWiki 5.0.2

References

https://www.incibe.es/en/incibe-cert/notices/aviso/reflec...

patch

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Sep 12, 2025

Credit

Gonzalo Aguilar García (6h4ack)

CVE-2025-10354 Data

JSON