CVE-2025-32078 | THREATINT

Description

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43.

PUBLISHED Reserved 2025-04-03 | Published 2025-04-11 | Updated 2025-04-11 | Assigner wikimedia-foundation

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Problem types

CWE-116 Improper Encoding or Escaping of Output

Product status

Default status

unaffected

1.39 (semver)

affected

Credits

BlankEclair finder

References

phabricator.wikimedia.org/T384269

gerrit.wikimedia.org/...b3b98e615e1a4f4034d932d2d592000b51d0

cve.org (CVE-2025-32078)

nvd.nist.gov (CVE-2025-32078)

Download JSON