GCVE - cpe:2.3:a:wikimedia_foundation:mediawiki_-_checkuser

Approved changes feed: RSS · Atom

cpe:2.3:a:wikimedia_foundation:mediawiki_-_checkuser_extension:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wikimedia Foundation (`f7943c01-50f6-53ec-b645-b355c8f75e02`)
Product	Mediawiki Checkuser Extension (`40de0a33-89dd-5475-9718-9257e9762938`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-53480`	vulnerable	2026-06-03 15:03:54.139603	CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders affected message keys. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. Published: 2025-07-08T14:58:37.544Z Updated: 2025-07-08T20:44:54.968Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T394700 https://gerrit.wikimedia.org/r/q/I777fc55fef15c3b00df0db268af2b64cb2d6e381	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53479`	vulnerable	2026-06-03 15:03:54.139310	CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationalized message The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki - CheckUser extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. Published: 2025-07-08T17:16:36.081Z Updated: 2025-07-10T13:18:39.505Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T394693 https://gerrit.wikimedia.org/r/q/I159e14543912cb3bc7f4a00c3090c0285b154786	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-53478`	vulnerable	2026-06-03 15:03:54.138951	CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. Published: 2025-07-07T18:16:33.919Z Updated: 2025-07-07T20:49:34.393Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T394692 https://gerrit.wikimedia.org/r/q/I3a1e21b6800ff4d813a33ee9fe9b7ccf070b6b2e	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Mediawiki Checkuser Extension

PURL mappings

Vulnerability references

Contribute