CVE-2025-53487

{"id": "CVE-2025-53487", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-07-07T16:15:25.623", "references": [{"url": "https://gerrit.wikimedia.org/r/q/Ifcab085111e7898da485a5e2ae287fee4e6d167b", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}, {"url": "https://phabricator.wikimedia.org/T394383", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys to be rendered unescaped.\n\n\n\n\nThis issue affects Mediawiki - ApprovedRevs extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2."}, {"lang": "es", "value": "La extensi\u00f3n ApprovedRevs para MediaWiki es vulnerable a XSS almacenado en varias ubicaciones donde los mensajes del sistema se insertan en HTML sin formato sin el escape adecuado. Los atacantes pueden explotar esto inyectando payloads de JavaScript mediante la sobreescritura de lenguaje uselang=x-xss, lo que provoca que las claves de mensaje creadas se representen sin escape. Este problema afecta a Mediawiki - extensi\u00f3n ApprovedRevs: de la versi\u00f3n 1.39.X a la 1.39.13, de la versi\u00f3n 1.42.X a la 1.42.7 y de la versi\u00f3n 1.43.X a la 1.43.2."}], "lastModified": "2025-07-08T16:18:34.923", "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}