Cross-site Scripting Vulnerability in Wikimedia Foundation Mediawiki MediaSearch Extension
CVE-2025-53496
Currently unrated
What is CVE-2025-53496?
The Mediawiki MediaSearch Extension from the Wikimedia Foundation is susceptible to a cross-site scripting (XSS) vulnerability due to improper input neutralization during web page generation. This flaw enables attackers to exploit the vulnerability, potentially allowing stored XSS attacks. Affected versions include Mediawiki MediaSearch Extension: 1.39.X prior to 1.39.13 and 1.43.X prior to 1.43.2. It is imperative for users to upgrade their installations to the secured versions to mitigate the risk.
Affected Version(s)
Mediawiki - MediaSearch Extension 1.39.x < 1.39.13
Mediawiki - MediaSearch Extension 1.43.x < 1.43.2
Mediawiki - MediaSearch Extension 1.42.x < 1.42.7