Cross-Site Scripting Vulnerability in Wikimedia Foundation's MediaWiki CookieConsent Extension
CVE-2025-62659

2.1LOW

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki Cookieconsent Extension
Vendor: CVE Published:; 22 October 2025

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2025-62659?

A Cross-Site Scripting (XSS) vulnerability exists in the MediaWiki CookieConsent extension, versions from v0.1.0 to before v2.0.0, due to improper handling of user input during web page generation. Attackers can exploit this flaw to inject malicious scripts into web pages viewed by users, potentially compromising their security and privacy.

Affected Version(s)

MediaWiki CookieConsent extension v0.1.0

MediaWiki CookieConsent extension v2.0.0

References

https://phabricator.wikimedia.org/T404475

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

SomeRandomDeveloper

JSON