Cross-Site Scripting Vulnerability in Wikimedia Foundation MediaWiki GrowthExperiments Extension
CVE-2025-62667
6.9MEDIUM
What is CVE-2025-62667?
A cross-site scripting (XSS) vulnerability exists in the MediaWiki GrowthExperiments Extension, which allows an attacker to inject malicious scripts into web pages viewed by users. This could lead to unauthorized actions, data theft, or other security breaches. Users running affected versions of the extension should take precautions to mitigate this vulnerability by upgrading to a secure release.
Affected Version(s)
Mediawiki - GrowthExperiments Extension master < 1.39