Stored XSS Vulnerability in MsUpload Extension for MediaWiki
CVE-2025-7362

Currently unrated

What is CVE-2025-7362?

The MsUpload extension for MediaWiki contains a vulnerability allowing stored XSS via the msu-continue system message. This issue arises when users upload a file with the same name twice, leading to the injection of unsafe content into the DOM without adequate sanitization, potentially compromising the security of the web application and its users.

Affected Version(s)

Mediawiki - MsUpload extension 1.39.x < 1.39.13

Mediawiki - MsUpload extension 1.42.x < 1.42.7

Mediawiki - MsUpload extension 1.43.x < 1.43.2

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-7362 : Stored XSS Vulnerability in MsUpload Extension for MediaWiki