Cross-Site Scripting Vulnerability in Wikimedia Foundation MediaWiki PollNY Extension
CVE-2025-62653

2LOW

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki Pollny Extension
Vendor: CVE Published:; 17 October 2025

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2025-62653?

The Wikimedia Foundation's MediaWiki PollNY extension is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. This vulnerability enables an attacker to exploit the system and execute arbitrary JavaScript code in the context of logged-in users. It poses a significant security risk to users interacting with the affected versions of the PollNY extension, making it essential for administrators to apply necessary patches or updates to mitigate potential threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MediaWiki PollNY extension 1.39

MediaWiki PollNY extension 1.43

MediaWiki PollNY extension 1.44

References

https://phabricator.wikimedia.org/T403923

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

SomeRandomDeveloper

JSON

The Wikimedia Foundation