CNNVD-202509-3985 Information

CNNVD ID

CNNVD-202509-3985

Related CVE

CVE-2025-59839

• CNNVD Published: 2025-09-25

Description (Chinese)

Extension Embed Video是Star Citizen Wiki开源的一个嵌入式视频软件。 EmbedVideo Extension 4.0.0及之前版本存在安全漏洞，该漏洞源于允许向HTML元素添加任意属性，可能导致存储型跨站脚本。

Description (English)

Extension Embed Video is an embedded video software from the Star Citizen Wiki open source. There is a security loophole in EmbedVideo Extension 4.0.0 and earlier versions, which stems from allowing the addition of arbitrary properties to HTML elements, which may result in storage-type cross-site scripts.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Star Citizen Wiki

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/ext.embedVideo.videolink.js#L5-L20 https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/modules/iframe.js#L139-L155 https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/commit/4e075d3dc9a15a3ee53f449a684d5ab847e52f01 https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/security/advisories/GHSA-4j5h-mvj3-m48v