XSS Vulnerability in Wikimedia Foundation's Mediawiki UrlShortener Extension
CVE-2025-7056
6.3MEDIUM
What is CVE-2025-7056?
The UrlShortener Extension for Mediawiki is susceptible to a stored cross-site scripting (XSS) vulnerability due to improper neutralization of user input during web page generation. This flaw permits an attacker to inject malicious scripts into web pages that could be executed in the context of a user’s browser when the data is retrieved. Specifically, versions prior to 1.42.7 and 1.43.2 are affected, highlighting the importance of updating to secure versions to mitigate potential exploitation.
Affected Version(s)
Mediawiki - UrlShortener Extension 1.42.x < 1.42.7
Mediawiki - UrlShortener Extension 1.43.x < 1.43.2
