exploitDog

CVE-2025-67475

Published: 03 Feb 2026
Source: redhat
CVSS3: 4.6
EPSS: Low

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.

A flaw was found in MediaWiki. This vulnerability, identified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting or XSS), allows a remote attacker to inject malicious scripts into web pages. This can lead to information disclosure, session hijacking, or arbitrary code execution within the context of the user's browser. The flaw is specifically associated with the includes/CommentFormatter/CommentParser.Php program file.

Report

This vulnerability allows for stored cross-site scripting (XSS) through edit summaries in MediaWiki. An attacker could inject malicious scripts into edit summaries, which would then execute when other users view the affected content. This issue impacts MediaWiki as shipped in Fedora 42 and Fedora 43.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2436176 MediaWiki: MediaWiki: Cross-site Scripting vulnerability due to improper input neutralization

EPSS: 0.00023 (percentile: 6%, Low)

CVSS3: 4.6 Medium

Related vulnerabilities

ubuntu
2 months ago

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.

nvd
2 months ago

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.

debian
2 months ago

Improper Neutralization of Input During Web Page Generation (XSS or 'C ...

github
2 months ago

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
