CVE-2025-53479 Information

Jul 09, 2025 cve

Description

The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping making it possible to inject JavaScript through the uselang=x-xss language override mechanism.

This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13 from 1.42.X before 1.42.7 from 1.43.X before 1.43.2.

Reference

https://gerrit.wikimedia.org/r/q/I159e14543912cb3bc7f4a00c3090c0285b154786 https://phabricator.wikimedia.org/T394693

CNNVD-202510-4221 (Published: 2025-10-30)

Share on:

CVE-2025-53479 Information

Description

Reference

Related CNNVD