Stored XSS in Quiz

July 7, 2025 invoker category_cve

CVE Details

Basic Information

Title Stored XSS in Quiz
Type cve
Published 2025-07-07T15:12:13.202Z
Modified 2025-07-07T15:12:13.447Z

Product Information

Vendor Wikimedia Foundation
Product Mediawiki – Quiz Extension
Version 1.39.x

CVSS Information

Base Score 0.0 ()

AI Analysis

AI Description A stored XSS vulnerability in the Quiz Extension of Mediawiki allows attackers to inject malicious scripts, potentially affecting multiple users. This issue is significant due to the widespread use of Mediawiki.
AI Severity Medium
AI Vendor Wikimedia Foundation
AI Product Mediawiki – Quiz Extension
AI Version 1.39.x, 1.42.x, 1.43.x

Affected Products

  • Wikimedia Foundation Mediawiki – Quiz Extension 1.39.x
  • Wikimedia Foundation Mediawiki – Quiz Extension 1.42.x
  • Wikimedia Foundation Mediawiki – Quiz Extension 1.43.x

Additional Information

CWE List CWE-79
Source wikimedia-foundation

Description

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – Quiz Extension allows Stored XSS. This issue affects Mediawiki – Quiz Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.