XSS Vulnerability in Wikimedia Foundation's Mediawiki UrlShortener Extension
CVE-2025-7056

6.3MEDIUM

What is CVE-2025-7056?

The UrlShortener Extension for Mediawiki is susceptible to a stored cross-site scripting (XSS) vulnerability due to improper neutralization of user input during web page generation. This flaw permits an attacker to inject malicious scripts into web pages that could be executed in the context of a user’s browser when the data is retrieved. Specifically, versions prior to 1.42.7 and 1.43.2 are affected, highlighting the importance of updating to secure versions to mitigate potential exploitation.

Affected Version(s)

Mediawiki - UrlShortener Extension 1.42.x < 1.42.7

Mediawiki - UrlShortener Extension 1.43.x < 1.43.2

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SomeRandomDeveloper
.