CVE-2025-53480 Information
Jul 09, 2025
cve
Description
The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL causing reflected XSS when the UI renders affected message keys.
This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13 from 1.42.X before 1.42.7 from 1.43.X before 1.43.2.
Reference
https://gerrit.wikimedia.org/r/q/I777fc55fef15c3b00df0db268af2b64cb2d6e381 https://phabricator.wikimedia.org/T394700
Related CNNVD
CNNVD-202507-1015 (Published: 2025-07-08)
Share on: