Home

Description

Improper Input Validation vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - FeaturedFeeds Extension: 1.39.X, 1.42.X, 1.43.X.

PUBLISHED Reserved 2025-06-30 | Published 2025-07-03 | Updated 2025-07-10 | Assigner wikimedia-foundation

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

1.39.x (semver)
affected

1.42.x (semver)
affected

1.43.x (semver)
affected

Credits

Legoktm finder

References

phabricator.wikimedia.org/T392279

gerrit.wikimedia.org/...i/extensions/FeaturedFeeds/+/1149742

cve.org (CVE-2025-53502)

nvd.nist.gov (CVE-2025-53502)

Download JSON