CNNVD-202507-1015 Information

Jul 08, 2025 cve

CNNVD ID

CNNVD-202507-1015

CVE-2025-53480

CNNVD Published: 2025-07-08

Description (Chinese)

Wikimedia Mediawiki - CheckUser Extension是Wikimedia基金会的一个查询IP地址的扩展。 Wikimedia Mediawiki - CheckUser Extension存在安全漏洞，该漏洞源于Account information tab中的特定国际化消息未正确转义，可能导致反射型跨站脚本攻击。以下版本受到影响：1.39.13版本之前的1.39.x版本、1.42.7版本之前的1.42.x版本和1.43.2版本之前的1.43.x版本。

Description (English)

Wikimedia Mediawiki-CheckUser Extension is an extension of a query IP address of the Wikimedia Foundation. Wikimedia Mediawiki-CheckUser Extension has a security loophole, which stems from the incorrect transposition of specific internationalized messages in Account information tab, which may lead to a cross-script attack. The following versions were affected: 1.39.x, 1.42.x, 1.42.7 and 1.43.x, before 1.39.13.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

维基媒体

Published

2025-07-08

Last Modified

2026-02-24

References

https://phabricator.wikimedia.org/T394700 https://gerrit.wikimedia.org/r/q/I777fc55fef15c3b00df0db268af2b64cb2d6e381 https://access.redhat.com/security/cve/cve-2025-53480

Patch

https://www.mediawiki.org/wiki/Special:ExtensionDistributor/CheckUser

Share on: