CVE-2025-53487
Published: Jul 7, 2025
Modified: Jul 7, 2025
Description
The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys to be rendered unescaped. This issue affects Mediawiki - ApprovedRevs extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
| Vendor | Product | Versions |
|---|---|---|
Wikimedia Foundation | Mediawiki - ApprovedRevs extension | affected 1.39.x - < 1.39.13affected 1.42.x - < 1.42.7affected 1.43.x - < 1.43.2 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now