Cross-Site Scripting Vulnerability in MediaWiki PageForms by Wikimedia Foundation
CVE-2025-62657

5.8MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki Pageforms Extension
Vendor: CVE Published:; 20 October 2025

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2025-62657?

A Cross-Site Scripting (XSS) vulnerability exists in the MediaWiki PageForms extension developed by the Wikimedia Foundation. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information and user interactions. The issue specifically affects version 1.44 and can lead to stored XSS attacks, enabling malicious actors to execute scripts in the context of the user’s browser. It is crucial for users of the PageForms extension to apply security updates to mitigate these risks. For more detailed information, refer to the issue report on Phabricator.

Affected Version(s)

MediaWiki PageForms extension 1.44

References

https://phabricator.wikimedia.org/T405357

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

SomeRandomDeveloper

JSON