Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-61645

Опубликовано: 03 фев. 2026
Источник: redhat
CVSS3: 4.6

Описание

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. This issue affects MediaWiki: from * before 1.44.1.

A flaw was found in MediaWiki. This cross-site scripting (XSS) vulnerability, located in the includes/pager/CodexTablePager.Php program file, allows an attacker to inject malicious scripts into web pages. This can lead to information disclosure, where sensitive user data might be exposed, or enable an attacker to perform actions on behalf of the user within their browser session.

Отчет

A cross-site scripting (XSS) vulnerability exists in the CodexTablePager component of MediaWiki due to improper neutralization of input during web page generation. This flaw could allow an authenticated attacker with high privileges to inject malicious scripts, potentially leading to unauthorized actions or information disclosure within the affected MediaWiki instance. This issue affects MediaWiki versions before 1.44.1, as distributed in Fedora.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2436160MediaWiki: MediaWiki: Cross-site scripting vulnerability allows information disclosure via improper input neutralization

4.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-61645

CVSS3: 6.1
ubuntu
2 месяца назад

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. This issue affects MediaWiki: from * before 1.44.1.

nvd логотип

CVE-2025-61645

CVSS3: 6.1
nvd
2 месяца назад

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. This issue affects MediaWiki: from * before 1.44.1.

debian логотип

CVE-2025-61645

CVSS3: 6.1
debian
2 месяца назад

Improper Neutralization of Input During Web Page Generation (XSS or 'C ...

github логотип

GHSA-q897-j5gq-ggp7

CVSS3: 6.1
github
2 месяца назад

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. This issue affects MediaWiki: from * before 1.44.1.

4.6 Medium

CVSS3