Stored XSS Vulnerability in MsUpload Extension for MediaWiki
CVE-2025-7362
Currently unrated
What is CVE-2025-7362?
The MsUpload extension for MediaWiki contains a vulnerability allowing stored XSS via the msu-continue system message. This issue arises when users upload a file with the same name twice, leading to the injection of unsafe content into the DOM without adequate sanitization, potentially compromising the security of the web application and its users.
Affected Version(s)
Mediawiki - MsUpload extension 1.39.x < 1.39.13
Mediawiki - MsUpload extension 1.42.x < 1.42.7
Mediawiki - MsUpload extension 1.43.x < 1.43.2