CVE-2025-62671
EPSS 0.06%
Cargo Mediawiki Extension vulnerable to Cross-site Scripting
Published: 10/18/2025
Modified: 10/20/2025
Also known as: GHSA-gr6v-3pmp-996p
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension before 3.8.3.
Affected packages (1)
- Packagist/mediawiki/cargo: from 0, < 3.8.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-62671
- PATCH: https://github.com/wikimedia/mediawiki-extensions-Cargo
- WEB: https://gerrit.wikimedia.org/r/1179707
- WEB: https://github.com/wikimedia/mediawiki-extensions-Cargo/commit/e50915626c0d9a7b222dabc94ddfcb516caf557d
- WEB: https://phabricator.wikimedia.org/T402147