Cross-Site Scripting Vulnerability in Wikimedia Foundation's Mediawiki - IPInfo Extension
CVE-2025-53482
Currently unrated
What is CVE-2025-53482?
A Cross-Site Scripting (XSS) vulnerability has been identified in the IPInfo Extension of the Mediawiki software, developed by the Wikimedia Foundation. This flaw arises from improper handling of input during web page generation, which could allow attackers to inject malicious scripts. The affected versions include Mediawiki - IPInfo Extension from 1.39.X prior to 1.39.13, 1.42.X prior to 1.42.7, and 1.43.X prior to 1.43.2. A successful exploit may enable an attacker to execute arbitrary JavaScript in the context of a user's session, leading to potential data theft or session hijacking.
Affected Version(s)
Mediawiki - IPInfo Extension 1.39.x < 1.39.13
Mediawiki - IPInfo Extension 1.42.x < 1.42.7
Mediawiki - IPInfo Extension 1.43.x < 1.43.2