CVE-2025-62671
EPSS 0.06%Cargo Mediawiki Extension vulnerable to Cross-site Scripting
發布日:2025/10/18修改日:2025/10/20
描述
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension befor 3.8.3.
受影響套件(1)
- Packagist/mediawiki/cargofrom 0, < 3.8.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-62671
- PATCHhttps://github.com/wikimedia/mediawiki-extensions-Cargo
- WEBhttps://gerrit.wikimedia.org/r/1179707
- WEBhttps://github.com/wikimedia/mediawiki-extensions-Cargo/commit/e50915626c0d9a7b222dabc94ddfcb516caf557d
- WEBhttps://phabricator.wikimedia.org/T402147