Cross-Site Scripting Vulnerability in MediaWiki PageForms by Wikimedia Foundation
CVE-2025-62657

5.8MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki Pageforms Extension
Vendor: CVE Published:; 20 October 2025

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2025-62657?

A Cross-Site Scripting (XSS) vulnerability exists in the MediaWiki PageForms extension developed by the Wikimedia Foundation. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information and user interactions. The issue specifically affects version 1.44 and can lead to stored XSS attacks, enabling malicious actors to execute scripts in the context of the user’s browser. It is crucial for users of the PageForms extension to apply security updates to mitigate these risks. For more detailed information, refer to the issue report on Phabricator.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MediaWiki PageForms extension 1.44

References

https://phabricator.wikimedia.org/T405357

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

SomeRandomDeveloper

JSON

The Wikimedia Foundation