CVE-2025-53487 Information
Jul 08, 2025
cve
Description
The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override which causes crafted message keys to be rendered unescaped.
This issue affects Mediawiki - ApprovedRevs extension: from 1.39.X before 1.39.13 from 1.42.X before 1.42.7 from 1.43.X before 1.43.2.
Reference
https://gerrit.wikimedia.org/r/q/Ifcab085111e7898da485a5e2ae287fee4e6d167b https://phabricator.wikimedia.org/T394383
Related CNNVD
CNNVD-202507-719 (Published: 2025-07-07)
Share on: