Vulnerabilities

CVE-2025-53484

by Fred · 04/07/2025

User-controlled inputs are improperly escaped in:

*
VotePage.php (poll option input)

*
ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)

This allows attackers to inject JavaScript and compromise user sessions under certain conditions.

This issue affects Mediawiki – SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

More information : https://gerrit.wikimedia.org/r/1149655

Similar

Tags: Cybersecurity Alert