CVE-2025-53484: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Wikimedia Foundation Mediawiki - SecurePoll extension
User-controlled inputs are improperly escaped in:
* VotePage.php (poll option input)
* ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)

This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
AI Analysis
Technical Summary
CVE-2025-53484 is a critical cross-site scripting (XSS) vulnerability in the SecurePoll extension of the Wikimedia Foundation's MediaWiki software. It arises from improper neutralization of user-controlled input during web page generation, specifically in VotePage.php, where poll option inputs are handled, and in ResultPage::getPagesTab() and getErrorsTab(), where user-controllable page names are processed. Because these inputs are insufficiently escaped, attackers can inject malicious JavaScript into the web pages generated by the SecurePoll extension. The injected script can execute in the context of other users' browsers, potentially leading to session hijacking, credential theft, or other malicious actions without requiring any user interaction or authentication.

The affected versions are MediaWiki SecurePoll extension releases from 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The vulnerability has a CVSS v3.1 score of 9.8, indicating critical severity with a network attack vector, low attack complexity, no privileges required, and no user interaction needed. Although no known exploits are currently reported in the wild, the nature of the vulnerability and its critical rating suggest a high risk of exploitation once publicly disclosed. The vulnerability can compromise the confidentiality, integrity, and availability of affected systems by enabling attackers to execute arbitrary scripts, manipulate user sessions, and potentially pivot to further attacks within the affected MediaWiki deployments.
Potential Impact
For European organizations using MediaWiki with the SecurePoll extension, this vulnerability poses a significant risk. MediaWiki is widely used in sectors including government, education, and enterprise for collaborative documentation and knowledge management. Exploitation of this XSS flaw could lead to unauthorized access to sensitive internal information, session hijacking of privileged users, and the potential spread of malware through trusted wiki pages. Given the criticality and ease of exploitation, attackers could target European public sector wikis or corporate knowledge bases to disrupt operations or conduct espionage.

The impact extends beyond data confidentiality to integrity and availability, as attackers could deface wiki pages or inject misleading information. This could undermine trust in organizational knowledge repositories and cause operational disruptions. Additionally, compliance with European data protection regulations such as GDPR could be jeopardized if personal data is exposed or manipulated through this vulnerability.
Mitigation Recommendations
European organizations should prioritize upgrading the SecurePoll extension to the fixed versions: 1.39.13 or later for the 1.39.x branch, 1.42.7 or later for the 1.42.x branch, and 1.43.2 or later for the 1.43.x branch. Further recommendations:
- Until patches are applied, implement strict input validation and output encoding on all user-supplied data related to polls and page names within MediaWiki deployments.
- Employ Content Security Policy (CSP) headers, which can help mitigate the impact of injected scripts by restricting script execution sources.
- Audit MediaWiki configurations and disable or limit the use of the SecurePoll extension if it is not essential.
- Monitor web server logs and MediaWiki access logs for unusual requests or payloads targeting poll options or page names, which can help detect attempted exploitation.
- In user awareness training, emphasize caution when interacting with wiki content, especially in environments where the extension is used.
- Maintain regular backups of wiki content to enable recovery in case of defacement or data manipulation.
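The fixed-version thresholds above can be applied to an inventory of wikis to decide which ones need the upgrade first. The following is an added example, not code from the advisory or from the SecurePoll project; it assumes each version string uses the advisory's `major.minor.patch` numbering, and the host names and `SAMPLE` inventory are constructed.

```python
import re

# Fixed patch level per branch, taken from the advisory text above.
FIXED = {(1, 39): 13, (1, 42): 7, (1, 43): 2}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return (status, fixed_version) for one version string.

    status is "affected", "fixed", "not-listed" (a branch the advisory does
    not mention, so it makes no claim either way) or "unparseable".
    """
    m = _VERSION_RE.match(version or "")
    if not m:
        return ("unparseable", None)
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return ("not-listed", None)
    fixed = f"{major}.{minor}.{fixed_patch}"
    # Compare as integers: 1.39.9 is older than 1.39.13 even though
    # "9" sorts after "13" as text.
    return ("affected" if patch < fixed_patch else "fixed", fixed)


def triage(inventory):
    """Return (host, version, status, upgrade_to) for every host that is not
    confirmed fixed, affected hosts first."""
    order = {"affected": 0, "unparseable": 1, "not-listed": 2}
    rows = []
    for host, version in inventory.items():
        status, fixed = classify(version)
        if status != "fixed":
            rows.append((host, version, status, fixed))
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "wiki-a.example": "1.39.9",
    "wiki-b.example": "1.39.13",
    "wiki-c.example": "1.42.6",
    "wiki-d.example": "1.43.2",
    "wiki-e.example": "1.44.0",
    "wiki-f.example": "REL1_43",
}

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Hosts reported as `not-listed` or `unparseable` need a manual check, since the advisory says nothing about branches outside 1.39.x, 1.42.x and 1.43.x.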
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2025-06-30T15:20:44.462Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 686811d36f40f0eb72a1e2c3
Added to database: 7/4/2025, 5:39:31 PM
Last enriched: 7/14/2025, 9:17:22 PM
Last updated: 7/14/2025, 9:17:22 PM