CVE-2025-3469 Information

Description

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php.

This issue affects MediaWiki: before 1.39.12 1.42.6 1.43.1.

Reference

https://phabricator.wikimedia.org/T358689