CVE-2025-32074

Description

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43.

PUBLISHED Reserved 2025-04-03 | Published 2025-04-11 | Updated 2025-07-07 | Assigner wikimedia-foundation

Problem types

CWE-116 Improper Encoding or Escaping of Output

Product status

Credits

BlankEclair finder

References

phabricator.wikimedia.org/T386908

gerrit.wikimedia.org/...7103ffb78c671890b44ccd59fcff6613975f

cve.org (CVE-2025-32074)

nvd.nist.gov (CVE-2025-32074)

Download JSON