CVE-2025-10354
Reflected XSS in Semantic MediaWiki Allows Session Hijacking
Publication date: 2026-04-21
Last updated on: 2026-04-21
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| semantic_mediawiki | semantic_mediawiki | to 5.0.2 (exc) |
| semantic_mediawiki | semantic_mediawiki | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for malicious URLs targeting the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter that contain suspicious JavaScript code.
You can use network traffic inspection tools or web server logs to identify requests with unusual or encoded JavaScript payloads in this parameter.
For example, using command-line tools like grep on web server logs to search for the vulnerable endpoint:
- grep "/index.php/Speciaal:GefacetteerdZoeken" /var/log/apache2/access.log
Additionally, you can use curl or wget to test the endpoint with crafted payloads to see if the application reflects input without proper sanitization.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Semantic MediaWiki to version 5.0.2 or later, where the issue has been resolved.
Until the upgrade can be applied, consider implementing web application firewall (WAF) rules to block requests containing suspicious scripts targeting the vulnerable endpoint.
Also, educate users to avoid clicking on suspicious or untrusted URLs that may exploit this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to execute arbitrary JavaScript code in a victim's browser, potentially leading to the theft of sensitive user data such as session cookies or unauthorized actions performed on behalf of the user.
Such unauthorized access and data theft can impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.
Therefore, exploitation of this vulnerability could lead to violations of these standards due to compromised user data confidentiality and integrity.
Can you explain this vulnerability to me?
CVE-2025-10354 is a reflected Cross-Site Scripting (XSS) vulnerability found in Semantic MediaWiki versions prior to 5.0.2.
This vulnerability allows an attacker to execute arbitrary JavaScript code in a victim's browser by sending them a malicious URL that exploits the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter.
The attack requires no privileges and no user interaction other than clicking the crafted URL.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to the theft of sensitive user data such as session cookies.
It can also allow attackers to perform unauthorized actions on behalf of the user.