Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.
                
            Metrics
Affected Vendors & Products
References
        | Link | Providers | 
|---|---|
| https://phabricator.wikimedia.org/T403093 |     | 
History
                    Mon, 20 Oct 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Mon, 20 Oct 2025 13:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Mediawiki Mediawiki mediawiki | |
| Vendors & Products | Mediawiki Mediawiki mediawiki | 
Fri, 17 Oct 2025 22:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44. | |
| Title | Stored XSS in WebAuthn key name | |
| Weaknesses | CWE-79 | |
| References |  | |
| Metrics | cvssV4_0 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: wikimedia-foundation
Published: 2025-10-17T22:15:26.903Z
Updated: 2025-10-20T15:42:49.291Z
Reserved: 2025-10-17T22:01:52.600Z
Link: CVE-2025-62652
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-10-20T15:42:42.324Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2025-10-17T23:15:35.027
Modified: 2025-10-21T19:31:50.020
Link: CVE-2025-62652
 Redhat
                        Redhat
                    No data.