CNNVD-202510-2532 Information

CNNVD ID

CNNVD-202510-2532

Related CVE

CVE-2025-62663

• CNNVD Published: 2025-10-18

Description (Chinese)

Mediawiki - UploadWizard Extension是Mediawiki开源的一个文件上传插件。 Mediawiki - UploadWizard Extension master版本至1.39之前版本存在安全漏洞，该漏洞源于Web页面生成期间输入中和不当，可能导致存储型跨站脚本。

Description (English)

Mediawiki - UploadWizard Extension is a file upload plugin from Mediawiki Open Source. There is a security loophole in the pre-Mediawiki - UploadWizad Extension master version to 1.39, which stems from the misinputation of input during the web page generation, which may result in storage-type cross-site scripts.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

维基媒体

Published

2025-10-18

Last Modified

2026-02-24

References

https://gerrit.wikimedia.org/r/q/I37ea7c8825e9de776e207b3919b451ba2b905369 https://phabricator.wikimedia.org/T402095 https://access.redhat.com/security/cve/cve-2025-62663

Patch

https://phabricator.wikimedia.org/T402095