Cross-site Scripting Vulnerability in Wikimedia MediaWiki OpenBadges Extension
CVE-2025-23080
Currently unrated
Summary
A Cross-site Scripting (XSS) vulnerability exists in the MediaWiki OpenBadges Extension provided by the Wikimedia Foundation. This flaw allows malicious users to exploit improper neutralization of input during web page generation, potentially leading to harmful actions such as injection of malicious scripts. The affected versions are MediaWiki OpenBadges Extension 1.39.X prior to 1.39.11, 1.41.X prior to 1.41.3, and 1.42.X prior to 1.42.2. Users and administrators are advised to upgrade to the latest versions to mitigate this security risk.
References
Timeline
Vulnerability published