Stored XSS Vulnerability in EmbedVideo MediaWiki Extension from StarCitizenWiki
CVE-2025-59839

8.6HIGH

Key Information:

Vendor: Starcitizenwiki
Status: Mediawiki-extensions-embedvideo
Vendor: CVE Published:; 25 September 2025

🔔 Create Starcitizenwiki Vulnerability Alert

What is CVE-2025-59839?

The EmbedVideo Extension for MediaWiki has a vulnerability that permits the injection of arbitrary attributes into HTML elements, leading to the potential for stored Cross-Site Scripting (XSS). This issue affects versions 4.0.0 and earlier and is particularly dangerous as it allows attackers to execute malicious scripts stored on the server, impacting users who interact with the modified pages. A patch has been released to address this vulnerability.