CVE-2025-53480
Published: Jul 8, 2025
Modified: Jul 8, 2025
Description
The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders affected message keys. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
| Vendor | Product | Versions |
|---|---|---|
Wikimedia Foundation | Mediawiki - CheckUser extension | affected 1.39.x - < 1.39.13affected 1.42.x - < 1.42.7affected 1.43.x - < 1.43.2 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now