Mediawiki Approvedrevs Extension
Approved changes feed: RSS · Atom
cpe:2.3:a:wikimedia_foundation:mediawiki_-_approvedrevs_extension:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wikimedia Foundation (f7943c01-50f6-53ec-b645-b355c8f75e02) |
|---|---|
| Product | Mediawiki Approvedrevs Extension (0e8f2fe7-3b46-5000-bbc9-bae1835b802a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-53487 |
vulnerable | 2026-06-03 15:03:54.147435 |
ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages
The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys to be rendered unescaped.
This issue affects Mediawiki - ApprovedRevs extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Published: 2025-07-07T15:13:38.574Z
Updated: 2025-07-07T19:16:14.015Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.