Cross-Site Scripting Vulnerability in Mediawiki - Version Compare by Wikimedia Foundation
CVE-2025-32078
6.9 MEDIUM
Summary
A vulnerability exists in the Mediawiki - Version Compare Extension developed by the Wikimedia Foundation, allowing for Cross-Site Scripting (XSS). This flaw occurs due to improper encoding or escaping of output, affecting versions from 1.39 through 1.43. Malicious actors could exploit this vulnerability to inject arbitrary scripts into web pages viewed by users, potentially compromising the integrity and confidentiality of user data. It is crucial to address this security issue to protect users from possible attacks.
Affected Version(s)
Mediawiki - Version Compare Extension 1.39 <= 1.43
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
BlankEclair