Cross-site Scripting Vulnerability in Wikimedia Foundation's MediaWiki ExternalGuidance
CVE-2025-62698

6.9 MEDIUM

What is CVE-2025-62698?

A Cross-site Scripting (XSS) vulnerability exists in Wikimedia Foundation's MediaWiki ExternalGuidance, allowing stored XSS attacks. The flaw is due to improper neutralization of input during web page generation, which can lead to the execution of malicious scripts in the browser of users interacting with the affected component. This issue impacts MediaWiki - ExternalGuidance from the master branch prior to version 1.39, potentially compromising user data and integrity.

Affected Version(s)

MediaWiki - ExternalGuidance master < 1.39

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SomeRandomDeveloper