CNNVD-202507-503 Information

Jul 04, 2025 cve

CNNVD ID

CNNVD-202507-503

CVE-2025-53484

CNNVD Published: 2025-07-04

Description (Chinese)

Wikimedia Mediawiki - SecurePoll extension是Wikimedia基金会的一个用于选举、投票和调查的特殊页面扩展。 Mediawiki - SecurePoll extension 1.39.13之前版本、1.42.7之前版本和1.43.2之前版本存在安全漏洞，该漏洞源于用户控制输入转义不当，可能导致注入JavaScript并危害用户会话。

Description (English)

Wikimedia Mediawiki - SecurePoll extension is a special page extension of the Wikimedia Foundation for elections, voting and investigations. There is a security loophole in the pre-Mediawiki - SecurePoll extension 1.39.13, in the pre-I.42.7 and in the pre-I.4.3.2, which stems from the inappropriate transfer of user control input, which could lead to the injection of JavaScript and jeopardize user sessions.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

维基媒体

Published

2025-07-04

Last Modified

2026-02-24

References

https://gerrit.wikimedia.org/r/1149655 https://gerrit.wikimedia.org/r/1149669 https://phabricator.wikimedia.org/T392341 https://access.redhat.com/security/cve/cve-2025-53484

Patch

https://www.mediawiki.org/wiki/Special:ExtensionDistributor/SecurePoll

Share on: