CVE-2025-7363

Published: Jul 8, 2025

Modified: Jul 10, 2025

PUBLISHED

Description

The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript. This issue affects Mediawiki - TitleIcon extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Vendor: Wikimedia Foundation

Product: Mediawiki - TitleIcon extension

Versions:

affected: 1.39.x - < 1.39.13
affected: 1.42.x - < 1.42.7
affected: 1.43.x - < 1.43.2

Weaknesses (CWE)
