CVE Details
Basic Information
| Title | Stored XSS in UrlShortener |
|---|---|
| Type | cve |
| Published | 2025-07-07T13:57:25.974Z |
| Modified | 2025-07-07T14:42:48.894Z |
Product Information
| Vendor | Wikimedia Foundation |
|---|---|
| Product | Mediawiki – UrlShortener Extension |
| Version | 1.42.x |
CVSS Information
| Base Score | 0.0 () |
|---|
AI Analysis
| AI Description | A stored XSS vulnerability in the UrlShortener extension for Mediawiki allows attackers to inject malicious scripts, potentially leading to unauthorized actions and data theft. This issue affects versions 1.42.x before 1.42.7 and 1.43.x before 1.43.2. |
|---|---|
| AI Severity | High |
| AI Vendor | Wikimedia Foundation |
| AI Product | Mediawiki – UrlShortener Extension |
| AI Version | 1.42.x, 1.43.x |
Affected Products
- Wikimedia Foundation Mediawiki – UrlShortener Extension 1.42.x
- Wikimedia Foundation Mediawiki – UrlShortener Extension 1.43.x
Additional Information
| CWE List | CWE-79 |
|---|---|
| Source | wikimedia-foundation |
Description
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – UrlShortener Extension allows Stored XSS. This issue affects Mediawiki – UrlShortener Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.