CVE-2025-53484 Information
Jul 05, 2025
cve
Description
User-controlled inputs are improperly escaped in:
VotePage.php (poll option input)
ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)
This allows attackers to inject JavaScript and compromise user sessions under certain conditions.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13 from 1.42.X before 1.42.7 from 1.43.X before 1.43.2.
Reference
https://gerrit.wikimedia.org/r/1149655 https://gerrit.wikimedia.org/r/1149669 https://phabricator.wikimedia.org/T392341
Related CNNVD
CNNVD-202507-503 (Published: 2025-07-04)
Share on: