CVE-2025-62694
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-21

Last updated on: 2025-10-21

Assigner: wikimedia-foundation

Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-21
Last Modified
2025-10-21
Generated
2026-05-06
AI Q&A
2025-10-21
EPSS Evaluated
2026-05-05
NVD
CVE-2025-62694
EUVD
EUVD-2025-35130
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
the_wikimedia_foundation mediawiki 1.43
the_wikimedia_foundation mediawiki 1.45.0-alpha
the_wikimedia_foundation wikilove *
the_wikimedia_foundation mediawiki 1.44
the_wikimedia_foundation mediawiki 1.39
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-62694 is a stored Cross-Site Scripting (XSS) vulnerability in the WikiLove extension of MediaWiki. It occurs because a system message (`wikilove-what-is-this-link`) is inserted directly into the href attribute of a link without proper validation or sanitization. An attacker can modify this message to include malicious JavaScript code, which executes when a user clicks the affected link, allowing the attacker to run arbitrary scripts in the user's browser. [1]


How can this vulnerability impact me? :

This vulnerability can allow attackers to execute arbitrary JavaScript code in the context of users interacting with the WikiLove extension. This can lead to session hijacking, credential theft, or other malicious actions that compromise user accounts and data security. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the system message `MediaWiki:Wikilove-what-is-this-link` contains unsafe JavaScript payloads in its href attribute. One way to detect it is to inspect the content of this system message for suspicious JavaScript URLs such as `javascript:alert(document.domain)`. Additionally, you can reproduce the issue by enabling the WikiLove tab in user preferences, visiting a user's talk page, clicking the heart icon, and middle-clicking the "What is this?" link to see if injected JavaScript executes. There are no specific network commands provided, but manual inspection or automated scanning of the system message content for unsafe href values is recommended. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include sanitizing the URL used in the `wikilove-what-is-this-link` system message to allow only safe URLs such as HTTP or HTTPS. If you are using MediaWiki version 1.39 or similar, apply the available patch that restricts the href attribute to only HTTP and HTTPS URLs. Avoid using untrusted or user-controlled input directly in the href attribute without validation. Updating to a patched version of MediaWiki or the WikiLove extension that includes the fix is strongly recommended. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart