CVE-2025-61650 | THREATINT

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from * before 795bf333272206a0189050d975e94b70eb7dc507.

PUBLISHED Reserved 2025-09-29 | Published 2026-02-03 | Updated 2026-02-03 | Assigner wikimedia-foundation

LOW: 1.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

* (semver) before 795bf333272206a0189050d975e94b70eb7dc507

affected

References

phabricator.wikimedia.org/T403289

cve.org (CVE-2025-61650)

nvd.nist.gov (CVE-2025-61650)

Download JSON