Cross-Site Scripting Vulnerability in Wikimedia Foundation MediaWiki PollNY Extension
CVE-2025-62653

2LOW

Key Information:

Vendor

The Wikimedia Foundation

Status
Mediawiki Pollny Extension
Vendor
CVE Published:
17 October 2025

What is CVE-2025-62653?

The Wikimedia Foundation's MediaWiki PollNY extension is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. This vulnerability enables an attacker to exploit the system and execute arbitrary JavaScript code in the context of logged-in users. It poses a significant security risk to users interacting with the affected versions of the PollNY extension, making it essential for administrators to apply necessary patches or updates to mitigate potential threats.

Affected Version(s)

MediaWiki PollNY extension 1.39

MediaWiki PollNY extension 1.43

MediaWiki PollNY extension 1.44

References

https://phabricator.wikimedia.org/T403923

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SomeRandomDeveloper
JSON
.
CVE-2025-62653 : Cross-Site Scripting Vulnerability in Wikimedia Foundation MediaWiki PollNY Extension