Stored XSS through system messages in PollNY_CVE-2025-62653

2 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C/RE:M/U:Amber

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44.

Basic Information

ID CVE-2025-62653

Source wikimedia-foundation

Published Oct 17, 2025 at 22:23

Affected Product

Vendor The Wikimedia Foundation

Product MediaWiki PollNY extension

Version 1.39

Affected Versions The Wikimedia Foundation MediaWiki PollNY extension 1.39
The Wikimedia Foundation MediaWiki PollNY extension 1.43
The Wikimedia Foundation MediaWiki PollNY extension 1.44

CWE Classification

CWE-79

References

phabricator.wikimedia.org /T403923

{
    "lastseen": "",
    "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44.",
    "published": "2025-10-17T22:23:05.370Z",
    "modified": "2025-10-17T22:23:05.370Z",
    "type": "cve",
    "title": "Stored XSS through system messages in PollNY",
    "source": "wikimedia-foundation",
    "references": "https://phabricator.wikimedia.org/T403923",
    "id": "CVE-2025-62653",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "The Wikimedia Foundation MediaWiki PollNY extension 1.39\nThe Wikimedia Foundation MediaWiki PollNY extension 1.43\nThe Wikimedia Foundation MediaWiki PollNY extension 1.44",
    "sourceHref": "",
    "cvss": {
        "score": 2,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MediaWiki PollNY extension",
    "version": "1.39",
    "vendor": "The Wikimedia Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}