Cross-site Scripting Vulnerability in Wikimedia Foundation MediaWiki
CVE-2025-3469
NONE
Summary
A Cross-site Scripting (XSS) vulnerability exists in Wikimedia Foundation's MediaWiki software due to improper neutralization of input during web page generation. Attackers can exploit this flaw by crafting malicious input that is then processed by the affected application, potentially allowing them to inject arbitrary scripts into web pages viewed by other users. This vulnerability affects various versions of MediaWiki, specifically those before 1.39.12, as well as versions 1.42.6 and 1.43.1. Users are encouraged to upgrade to the latest version to mitigate the risk.
Affected Version(s)
MediaWiki 0 < 1.39.12, 1.42.6, 1.43.1
References
CVSS V4
Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Daimona
Daimona
Daimona