User Input Injection Vulnerability in Mediawiki SecurePoll Extension
CVE-2025-53484
Key Information:
- Vendor: Wikimedia Foundation
- CVE Published: 4 July 2025
What is CVE-2025-53484?
The SecurePoll extension for Mediawiki is affected by a user input injection vulnerability caused by improperly escaped user-controlled input. Two places are affected: VotePage.php, where user input is used for poll options, and the ResultPage methods getPagesTab() and getErrorsTab(), where user-controlled page names are used without proper validation. An attacker can use these inputs to inject JavaScript code, which under specific conditions leads to compromised user sessions. Users of affected versions should take immediate action to mitigate this risk.
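The output-escaping pattern behind this class of bug, as an added example that is not SecurePoll's code: the function names `esc`, `pagesTabUnsafe`, `pagesTabSafe` and `pollOptionSafe`, the markup and the sample page names are all hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Illustrative stand-ins only; these are not SecurePoll's functions.

/** Escape a user-controlled string for HTML text and quoted attributes. */
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: page names concatenated into markup unchanged. */
function pagesTabUnsafe(array $pageNames): string {
    $rows = '';
    foreach ($pageNames as $name) {
        $rows .= '<li>' . $name . "</li>\n";
    }
    return "<ul>\n{$rows}</ul>\n";
}

/** Hardened pattern: escape at the point of output, in every context used. */
function pagesTabSafe(array $pageNames): string {
    $rows = '';
    foreach ($pageNames as $name) {
        $rows .= '<li title="' . esc($name) . '">' . esc($name) . "</li>\n";
    }
    return "<ul>\n{$rows}</ul>\n";
}

/** Same rule for a poll option label rendered next to a radio button. */
function pollOptionSafe(int $id, string $label): string {
    return '<label><input type="radio" name="vote" value="' . $id . '"> '
        . esc($label) . "</label>\n";
}

// Constructed sample input: one ordinary name, one carrying markup and quotes.
$pageNames = ['Main Page', 'Poll "A" <script>alert(1)</script>'];

$unsafe = pagesTabUnsafe($pageNames);
$safe = pagesTabSafe($pageNames) . pollOptionSafe(1, $pageNames[1]);

// The unsafe output contains a live script element; the safe output does not.
if (strpos($unsafe, '<script>') === false || strpos($safe, '<script>') !== false) {
    fwrite(STDERR, "escaping check failed\n");
    exit(1);
}
echo $safe;
```

Inside MediaWiki code, building elements with `Html::element()` applies this escaping to attributes and contents instead of hand-concatenating strings.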

Affected Version(s)
Mediawiki - SecurePoll extension 1.39.x < 1.39.13
Mediawiki - SecurePoll extension 1.42.x < 1.42.7
Mediawiki - SecurePoll extension 1.43.x < 1.43.2
News Articles
CVE-2025-53484: Critical JavaScript Injection Vulnerability in Mediawiki’s SecurePoll Extension - Cybersecurity Exploit Tracker by Ameeba
Overview: This blog post covers the critical vulnerability CVE-2025-53484, which affects the SecurePoll extension of the widely used Mediawiki software. This vulnerability permits malicious actors to inject JavaScript into user-controlled inputs, potentially compromising user sessions. This is especi...
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by ameeba.com
- Vulnerability published
- Vulnerability Reserved
