CVE-2025-23072

MEDIUM EPSS 21.4%

Published Jan 14, 20251y ago · Modified Jun 17, 20261w ago

5.4 CVSS 3.1

Medium

Published Jan 14, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

CVSS Details

Base Score

5.4

Exploitability

2.8

Impact

2.5

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

21.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

References 2

gerrit.wikimedia.org https://gerrit.wikimedia.org/r/q/Ic9547e80a8296d707ad8a157eb8ba7aa26fb08dc
phabricator.wikimedia.org https://phabricator.wikimedia.org/T378885

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.