exploitDog

GHSA-r979-wmj9-cr9m

Опубликовано: 07 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab.

This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab.

This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Ссылки

EPSS

Процентиль: 7%

0.00025

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-53478

CVSS3: 5.4

nvd

7 месяцев назад

The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

EPSS

Процентиль: 7%

0.00025

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79