Reflected XSS Vulnerability in MediaWiki's CheckUser Extension
CVE-2025-53479

Currently unrated

What is CVE-2025-53479?

The CheckUser extension for MediaWiki is susceptible to reflected Cross-Site Scripting (XSS) attacks through a vulnerability in the Special:CheckUser interface. Specifically, the rev-deleted-user message is displayed without adequate escaping, allowing attackers to inject malicious JavaScript code using the uselang=x-xss language override mechanism. This presents a significant risk to users' data and could lead to unauthorized information disclosure if exploited. It is crucial for administrators to promptly upgrade to the latest version to mitigate this risk.
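A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to Special:CheckUser that carry uselang=x-xss. The combined log format, the /wiki/ and /w/index.php URL layouts and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_suspect(url: str) -> bool:
    """True if the request targets Special:CheckUser with uselang=x-xss."""
    parts = urlsplit(url)
    # parse_qs percent-decodes values, so title=Special%3ACheckUser is handled.
    query = parse_qs(parts.query, keep_blank_values=True)
    # The page title can sit in the path (/wiki/Special:CheckUser) or in ?title=.
    titles = [unquote(parts.path)] + query.get("title", [])
    hits_page = any("special:checkuser" in t.lower().replace(" ", "_")
                    for t in titles)
    langs = [v.strip().lower() for v in query.get("uselang", [])]
    return hits_page and "x-xss" in langs

def scan(lines):
    """Return (line_number, url) for every log line matching the pattern."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_suspect(m.group(1)):
            findings.append((n, m.group(1)))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2025:10:00:00 +0000] "GET /wiki/Special:CheckUser HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jul/2025:10:01:00 +0000] "GET /wiki/Special:CheckUser?uselang=x-xss HTTP/1.1" 200 5300',
    '192.0.2.12 - - [01/Jul/2025:10:02:00 +0000] "GET /w/index.php?title=Special%3ACheckUser&uselang=X-XSS HTTP/1.1" 200 5300',
    '192.0.2.13 - - [01/Jul/2025:10:03:00 +0000] "GET /wiki/Main_Page?uselang=x-xss HTTP/1.1" 200 900',
    '192.0.2.14 - - [01/Jul/2025:10:04:00 +0000] "GET /wiki/Special:CheckUser?uselang=de HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for n, url in scan(SAMPLE_LOG):
        print(f"line {n}: {url}")
```

A hit is a lead for review rather than proof of exploitation, and parameters sent in a POST body do not appear in access logs.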

Affected Version(s)

MediaWiki - CheckUser extension 1.39.x < 1.39.13

MediaWiki - CheckUser extension 1.42.x < 1.42.7

MediaWiki - CheckUser extension 1.43.x < 1.43.2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
