Cross-site Scripting Vulnerability in Wikimedia Foundation Mediawiki - Quiz Extension
CVE-2025-7057

Currently unrated

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki - Quiz Extension
Vendor: CVE Published:; 7 July 2025

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-7057?

The Mediawiki - Quiz Extension by Wikimedia Foundation contains a Cross-site Scripting (XSS) vulnerability due to improper neutralization of user inputs during web page generation. This flaw allows an attacker to inject malicious scripts that can be stored and executed by unsuspecting users, potentially leading to unauthorized access to sensitive information or manipulation of user sessions. It is crucial for users of the affected versions to apply necessary updates and patches to mitigate this risk.

Affected Version(s)

Mediawiki - Quiz Extension 1.39.x < 1.39.13

Mediawiki - Quiz Extension 1.42.x < 1.42.7

Mediawiki - Quiz Extension 1.43.x < 1.43.2

References

https://phabricator.wikimedia.org/T394612

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Qui...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Jul 3, 2025

Credit

SomeRandomDeveloper