CVE-2025-32069
Wikitext stored XSS on filepages due to dangerous WBMI serialization
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Wikitext stored XSS on filepages due to dangerous WBMI serialization
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43.
Reserved 2025-04-03 | Published 2025-04-11 | Updated 2025-04-11 | Assigner wikimedia-foundationCWE-20 Improper Input Validation
Dylsss
matthiasmullie
phabricator.wikimedia.org/T387691
gerrit.wikimedia.org/...a8cfeab0d4457417773fa884e271968e5657
Support options
