XSS Vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension
CVE-2025-53502

6.5MEDIUM

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki - Featuredfeeds Extension
Vendor: CVE Published:; 3 July 2025

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-53502?

An improper input validation vulnerability in the FeaturedFeeds Extension of Wikimedia Foundation's Mediawiki allows for Cross-Site Scripting (XSS). This security flaw affects versions 1.39.X, 1.42.X, and 1.43.X, enabling attackers to inject malicious scripts potentially compromising user data and session integrity.

Affected Version(s)

Mediawiki - FeaturedFeeds Extension 1.39.x

Mediawiki - FeaturedFeeds Extension 1.42.x

Mediawiki - FeaturedFeeds Extension 1.43.x

References

https://phabricator.wikimedia.org/T392279

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Fea...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Jun 30, 2025

Credit

Legoktm