
CVE-2025-53494: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Wikimedia Foundation Mediawiki - TwoColConflict Extension

Severity: Medium
Tags: Vulnerability, CVE-2025-53494, CWE-79
Published: Wed Jul 02 2025 (07/02/2025, 14:24:54 UTC)
Source: CVE Database V5
Vendor/Project: Wikimedia Foundation
Product: Mediawiki - TwoColConflict Extension

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension allows Stored XSS. This issue affects Mediawiki - TwoColConflict Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

AI-Powered Analysis

Last updated: 07/14/2025, 20:56:36 UTC

Technical Analysis

CVE-2025-53494 is a medium-severity vulnerability classified under CWE-79, which pertains to Improper Neutralization of Input During Web Page Generation, commonly known as Cross-site Scripting (XSS). This vulnerability affects the TwoColConflict extension of the Wikimedia Foundation's Mediawiki software, specifically versions 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The flaw allows an attacker to inject malicious scripts that are stored and later executed in the context of users visiting affected Mediawiki pages. Since the vulnerability is a stored XSS, the malicious payload is saved on the server and served to users without proper sanitization or encoding, enabling persistent exploitation. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) shows that the attack can be performed remotely over the network without authentication or user interaction, with low attack complexity. The impact affects confidentiality and integrity but not availability. Specifically, an attacker could steal session cookies, perform actions on behalf of users, or manipulate displayed content, potentially leading to account compromise or misinformation. No known exploits are currently reported in the wild, and no official patches are linked in the provided data, but the affected versions have been identified and fixed in subsequent releases.

Potential Impact

For European organizations using Mediawiki with the TwoColConflict extension, this vulnerability poses a risk of persistent XSS attacks that can compromise user sessions and data integrity. Organizations relying on Mediawiki for internal knowledge bases, documentation, or public information portals could face unauthorized access to user credentials or manipulation of displayed content, undermining trust and potentially exposing sensitive information. Since the vulnerability requires no authentication or user interaction, it can be exploited by remote attackers, increasing the risk of widespread impact. Public-facing Mediawiki installations in government, educational institutions, and enterprises are particularly at risk, as attackers could leverage the vulnerability to conduct phishing, spread misinformation, or escalate privileges. The lack of availability impact means service disruption is unlikely, but confidentiality and integrity breaches could have reputational and operational consequences.

Mitigation Recommendations

European organizations should promptly upgrade the TwoColConflict extension to versions 1.39.13, 1.42.7, or 1.43.2 or later, where the vulnerability has been addressed. In the absence of immediate patching, administrators should implement strict input validation and output encoding on all user-supplied content within the extension, especially in conflict resolution interfaces. Employing Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting script execution sources. Regularly audit Mediawiki installations for unauthorized script injections and monitor logs for suspicious activities. Additionally, limit the extension's usage to trusted users and restrict editing permissions where feasible. Educate users about the risks of clicking unknown links or executing scripts from untrusted sources. Finally, maintain an up-to-date inventory of Mediawiki versions and extensions to ensure timely application of security updates.
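The last recommendation above, keeping an inventory and applying updates in time, is easiest to act on with an automated check against the advisory's affected ranges. The following is an added example, not code from the advisory or from the TwoColConflict project; it assumes the extension is deployed in lockstep with the MediaWiki release branch (1.39.x, 1.42.x, 1.43.x, as the advisory lists them) and reports branches the advisory does not mention as "unlisted" rather than as safe.

```python
"""Triage deployed MediaWiki/TwoColConflict versions against CVE-2025-53494."""
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges as stated in the advisory: branch (major, minor) -> first fixed version.
# Any release on that branch with a lower patch level is affected.
FIRST_FIXED: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (1, 39): (1, 39, 13),
    (1, 42): (1, 42, 7),
    (1, 43): (1, 43, 2),
}

# Accepts "1.39.12", "v1.43.1", "1.42.6-rc1"; a missing patch level is treated as 0.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?\s*$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None when the string is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def status(version_text: str) -> str:
    """Classify one version: 'affected', 'fixed', 'unlisted' or 'unparsable'.

    'unlisted' means the advisory names no fixed version for that branch
    (e.g. 1.40.x or 1.41.x); such hosts need manual review, not a green tick.
    """
    v = parse_version(version_text)
    if v is None:
        return "unparsable"
    fixed = FIRST_FIXED.get(v[:2])
    if fixed is None:
        return "unlisted"
    return "affected" if v < fixed else "fixed"


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts from a {host: version} map that are in an affected range."""
    return [host for host, ver in inventory.items() if status(ver) == "affected"]


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {"wiki-a": "1.39.12", "wiki-b": "1.39.13", "wiki-c": "1.43.1", "wiki-d": "1.41.5"}
    print(triage(sample))  # ['wiki-a', 'wiki-c']
```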


Technical Details

Data Version
5.1
Assigner Short Name
wikimedia-foundation
Date Reserved
2025-06-30T15:36:34.119Z
Cvss Version
null
State
PUBLISHED

Threat ID: 686544a26f40f0eb7292f60e

Added to database: 7/2/2025, 2:39:30 PM

Last enriched: 7/14/2025, 8:56:36 PM

Last updated: 7/25/2025, 6:49:10 AM

