QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-53484

Back to search

CVE-2025-53484

Published: Jul 4, 2025

Modified: Jul 8, 2025

PUBLISHED

Description

User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) * ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names) This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

VendorProductVersions

Wikimedia Foundation

Mediawiki - SecurePoll extension

affected
1.39.x - < 1.39.13
affected
1.42.x - < 1.42.7
affected
1.43.x - < 1.43.2

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now