CVE-2025-43861 is a medium-severity cross-site scripting (XSS) vulnerability affecting the ManageWiki extension of MediaWiki, developed by Miraheze. ManageWiki facilitates wiki management by allowing users to perform administrative tasks within the wiki environment. The vulnerability arises from improper neutralization of user input during web page generation, specifically within the "Review Changes" dialog. Prior to the patch introduced in commit 2f177dc, a logged-in attacker could manipulate a form field to inject malicious JavaScript payloads. When the same user subsequently opens the "Review Changes" dialog, the injected script executes in the context of their session, potentially compromising session integrity and user data. This is a reflected or stored XSS vulnerability, meaning the malicious payload can persist and execute upon user interaction with the affected dialog. Exploitation requires the attacker to be authenticated and to modify form input fields, but does not require additional user interaction beyond opening the review dialog. The vulnerability has been addressed in the specified commit, and no known exploits are currently reported in the wild. The issue is classified under CWE-79, highlighting improper input sanitization during web page generation as the root cause.

For European organizations utilizing MediaWiki with the ManageWiki extension, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data. Successful exploitation could allow attackers to execute arbitrary scripts in the context of authenticated users, potentially leading to session hijacking, unauthorized actions, or data leakage within the wiki environment. Given that ManageWiki is used for wiki management, compromised accounts could result in unauthorized content modifications or administrative changes, undermining the reliability and trustworthiness of organizational knowledge bases. The impact is particularly significant for organizations relying on wikis for internal documentation, collaboration, or knowledge sharing, including government agencies, educational institutions, and enterprises. However, the requirement for attacker authentication and the need for the victim to open the review dialog limit the attack surface, reducing the likelihood of widespread exploitation. Nonetheless, targeted attacks against privileged users or administrators could have severe consequences.

To mitigate this vulnerability, European organizations should promptly update the ManageWiki extension to the patched version including commit 2f177dc or later. Beyond patching, organizations should implement strict input validation and output encoding policies within their MediaWiki deployments to prevent injection of malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the wiki environment. Additionally, enforce the principle of least privilege by limiting ManageWiki access to only necessary users and roles, reducing the risk of malicious input from compromised accounts. Regularly audit user activities and form submissions for suspicious behavior. Consider implementing multi-factor authentication (MFA) to further protect user accounts. Finally, educate users about the risks of interacting with untrusted content and encourage cautious behavior when reviewing changes within the wiki.