GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS_CVE-2025-62656

5.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C/RE:L/U:Amber

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44.

Basic Information

ID CVE-2025-62656

Source wikimedia-foundation

Published Oct 20, 2025 at 20:15

Modified Oct 20, 2025 at 20:35

Affected Product

Vendor The Wikimedia Foundation

Product MediaWiki GlobalBlocking extension

Version 1.43

Affected Versions The Wikimedia Foundation MediaWiki GlobalBlocking extension 1.43
The Wikimedia Foundation MediaWiki GlobalBlocking extension 1.44

CWE Classification

CWE-79

References

phabricator.wikimedia.org /T403291

{
    "lastseen": "",
    "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44.",
    "published": "2025-10-20T20:15:14.947Z",
    "modified": "2025-10-20T20:35:55.124Z",
    "type": "cve",
    "title": "GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS",
    "source": "wikimedia-foundation",
    "references": "https://phabricator.wikimedia.org/T403291",
    "id": "CVE-2025-62656",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "The Wikimedia Foundation MediaWiki GlobalBlocking extension 1.43\nThe Wikimedia Foundation MediaWiki GlobalBlocking extension 1.44",
    "sourceHref": "",
    "cvss": {
        "score": 5.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C/RE:L/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MediaWiki GlobalBlocking extension",
    "version": "1.43",
    "vendor": "The Wikimedia Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}