Stored XSS in WebAuthn key name_CVE-2025-62652

5.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:L/U:Amber

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.

Basic Information

ID CVE-2025-62652

Source wikimedia-foundation

Published Oct 17, 2025 at 22:15

Affected Product

Vendor The Wikimedia Foundation

Product MediaWiki WebAuthn extension

Version 1.39

Affected Versions The Wikimedia Foundation MediaWiki WebAuthn extension 1.39
The Wikimedia Foundation MediaWiki WebAuthn extension 1.43
The Wikimedia Foundation MediaWiki WebAuthn extension 1.44

CWE Classification

CWE-79

References

phabricator.wikimedia.org /T403093

{
    "lastseen": "",
    "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.",
    "published": "2025-10-17T22:15:26.903Z",
    "modified": "2025-10-17T22:15:26.903Z",
    "type": "cve",
    "title": "Stored XSS in WebAuthn key name",
    "source": "wikimedia-foundation",
    "references": "https://phabricator.wikimedia.org/T403093",
    "id": "CVE-2025-62652",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "The Wikimedia Foundation MediaWiki WebAuthn extension 1.39\nThe Wikimedia Foundation MediaWiki WebAuthn extension 1.43\nThe Wikimedia Foundation MediaWiki WebAuthn extension 1.44",
    "sourceHref": "",
    "cvss": {
        "score": 5.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:L/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MediaWiki WebAuthn extension",
    "version": "1.39",
    "vendor": "The Wikimedia Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}