Stored XSS through system messages in QuizGame_CVE-2025-62654

2 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C/RE:M/U:Amber

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44.

Basic Information

ID CVE-2025-62654

Source wikimedia-foundation

Published Oct 17, 2025 at 22:38

Affected Product

Vendor The Wikimedia Foundation

Product MediaWiki QuizGame extension

Version 1.39

Affected Versions The Wikimedia Foundation MediaWiki QuizGame extension 1.39
The Wikimedia Foundation MediaWiki QuizGame extension 1.43
The Wikimedia Foundation MediaWiki QuizGame extension 1.44

CWE Classification

CWE-79

References

phabricator.wikimedia.org /T403924

{
    "lastseen": "",
    "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44.",
    "published": "2025-10-17T22:38:54.033Z",
    "modified": "2025-10-17T22:38:54.033Z",
    "type": "cve",
    "title": "Stored XSS through system messages in QuizGame",
    "source": "wikimedia-foundation",
    "references": "https://phabricator.wikimedia.org/T403924",
    "id": "CVE-2025-62654",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "The Wikimedia Foundation MediaWiki QuizGame extension 1.39\nThe Wikimedia Foundation MediaWiki QuizGame extension 1.43\nThe Wikimedia Foundation MediaWiki QuizGame extension 1.44",
    "sourceHref": "",
    "cvss": {
        "score": 2,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MediaWiki QuizGame extension",
    "version": "1.39",
    "vendor": "The Wikimedia Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}