Cross-Site Scripting Vulnerability in MediaWiki PageTriage Extension by Wikimedia Foundation
CVE-2025-62702

6.9 MEDIUM

What is CVE-2025-62702?

The MediaWiki PageTriage Extension from the Wikimedia Foundation contains a cross-site scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The flaw lets attackers execute arbitrary scripts in the context of users’ browsers, potentially compromising sensitive information and user sessions. The vulnerability affects versions prior to 1.44 and poses significant risks if left unaddressed. Prompt updates and stringent input validation are strongly advised to protect the integrity of the web application.

Affected Version(s)

MediaWiki - PageTriage Extension master < 1.44

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SomeRandomDeveloper