CVE-2025-53369: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in StarCitizenTools mediawiki-extensions-ShortDescription
Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 4.0.1.
AI Analysis
Technical Summary
CVE-2025-53369 is a high-severity cross-site scripting (XSS) vulnerability identified in the ShortDescription extension for MediaWiki, developed by StarCitizenTools. This extension provides local short description support for MediaWiki pages. The vulnerability exists in version 4.0.0 of the extension, where user-supplied short descriptions are not properly sanitized before being inserted into the DOM as HTML via the mw.util.addSubtitle function. This improper neutralization of input (CWE-79) allows any user with edit permissions to inject arbitrary HTML or JavaScript code into the page content. Because the vulnerability does not require authentication or user interaction to exploit, an attacker can execute malicious scripts in the context of the victim's browser simply by having the victim visit a compromised or maliciously edited wiki page. The CVSS v3.1 base score is 8.6, reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, with limited impact on integrity and availability. The vulnerability was patched in version 4.0.1 of the extension. No known exploits are currently reported in the wild. The affected versions include all releases from 4.0.0 up to but not including 4.0.1, and certain commit ranges specified in the metadata. This vulnerability is significant because MediaWiki is widely used for collaborative documentation and knowledge bases, and the ShortDescription extension is used to enhance page metadata. Successful exploitation could lead to session hijacking, defacement, or distribution of malware via injected scripts.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, especially for those relying on MediaWiki platforms for internal knowledge management, documentation, or public-facing wikis. Exploitation could lead to unauthorized disclosure of sensitive information (confidentiality impact) through session token theft or credential capture. The integrity of wiki content could be compromised by injecting misleading or malicious content, damaging organizational reputation and trust. Availability impact, while rated low, could occur if injected scripts perform denial-of-service actions on users or the wiki platform. Public sector entities, educational institutions, and enterprises using MediaWiki with the ShortDescription extension are at risk of targeted attacks aiming to disrupt operations or gather intelligence. Since the vulnerability requires no authentication, any user with edit access or potentially anonymous users (depending on wiki configuration) could exploit it, increasing the attack surface. The lack of known exploits in the wild suggests limited immediate risk, but the high CVSS score and ease of exploitation warrant prompt remediation to prevent future attacks.
Mitigation Recommendations
European organizations should immediately upgrade the ShortDescription MediaWiki extension to version 4.0.1 or later, where the vulnerability has been patched. If upgrading is not immediately feasible, organizations should implement strict input validation and sanitization at the application level to prevent injection of arbitrary HTML or scripts in short descriptions. Restricting edit permissions to trusted users can reduce the risk of exploitation. Additionally, enabling Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting the sources from which scripts can be loaded and executed. Regularly auditing wiki pages for suspicious content and monitoring logs for unusual editing activity can help detect exploitation attempts. Organizations should also educate users about the risks of clicking on untrusted wiki links and encourage the use of updated browsers with built-in XSS protections. Finally, maintaining an up-to-date inventory of MediaWiki extensions and their versions will facilitate timely vulnerability management.
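As an added example (not the extension's or this advisory's own code), the script below supports the "regularly auditing wiki pages for suspicious content" step: it pulls short descriptions out of exported wikitext, flags any that carry HTML markup, and shows the escaping an HTML-string sink such as mw.util.addSubtitle would need. It assumes descriptions are set with the `{{SHORTDESC:...}}` parser function; the sample pages are constructed.

```javascript
// Escape the five HTML-significant characters so a description can be
// passed to an HTML-string sink as inert text (same effect as
// mw.html.escape() in MediaWiki core; this is a stand-alone reimplementation).
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull every {{SHORTDESC:...}} value out of one page's wikitext.
// Assumption: the extension reads descriptions from this parser function.
function extractShortDescriptions(wikitext) {
  const re = /\{\{\s*SHORTDESC\s*:\s*([^}]*)\}\}/gi;
  const found = [];
  let m;
  while ((m = re.exec(wikitext)) !== null) found.push(m[1].trim());
  return found;
}

// A short description is meant to be plain text; tags, entities or a
// javascript: scheme inside it are worth a reviewer's attention.
function isSuspicious(desc) {
  return /[<>]|&#|&[a-z]+;|javascript:/i.test(desc);
}

// Audit a map of page title -> wikitext (for example read from an XML dump)
// and return the descriptions that version 4.0.0 would have inserted unescaped,
// together with the escaped form a patched sink should receive.
function auditPages(pages) {
  const findings = [];
  for (const [title, wikitext] of Object.entries(pages)) {
    for (const desc of extractShortDescriptions(wikitext)) {
      if (isSuspicious(desc)) findings.push({ title, desc, safe: escapeHtml(desc) });
    }
  }
  return findings;
}

// Constructed sample pages: one benign description, one carrying a tag.
const SAMPLE_PAGES = {
  Aurora: '{{SHORTDESC:Starter ship made by RSI}}\nThe Aurora is a small ship.',
  Sandbox: '{{ SHORTDESC: <img src=x> }}\nTest page.',
};

// Example run: prints the flagged page and its escaped description.
console.log(JSON.stringify(auditPages(SAMPLE_PAGES), null, 2));
```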
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-27T12:57:16.121Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6866e37a6f40f0eb729b8c3b
Added to database: 7/3/2025, 8:09:30 PM
Last enriched: 7/3/2025, 8:24:31 PM
Last updated: 7/3/2025, 9:21:36 PM