Reflected and Stored XSS Vulnerability in ManageWiki by MediaWiki
CVE-2025-43861

4.4 MEDIUM

Key Information:

Vendor: Miraheze
CVE Published: 24 April 2025

What is CVE-2025-43861?

ManageWiki, a MediaWiki extension, is susceptible to both reflected and stored Cross-Site Scripting (XSS) attacks. A logged-in attacker can manipulate form fields to inject harmful scripts. When the affected user opens the 'Review Changes' dialog, the injected script executes within their session, potentially allowing the attacker to carry out unauthorized actions. The vulnerability is addressed by the patch in commit 2f177dc.

Affected Version(s)

ManageWiki < 2f177dc

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
