CVE-2025-3469
i18n XSS vulnerability in HTMLMultiSelectField when sections are used
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
i18n XSS vulnerability in HTMLMultiSelectField when sections are used
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.
Reserved 2025-04-09 | Published 2025-04-10 | Updated 2025-04-10 | Assigner wikimedia-foundationCWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Daimona
Daimona
Daimona
phabricator.wikimedia.org/T358689
Support options
