CVE-2025-32070

CVE-2025-32070: XSSes in AJAXPoll

Vendor The Wikimedia Foundation
Product Mediawiki - AJAX Poll Extension
Weakness CWE-20 · Input validation
Published April 11, 2025
Last update July 7, 2025

CVSS base score

What the vulnerability does

01Description

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - AJAX Poll Extension: from 1.39 through 1.43.

Key dates

02Disclosure timeline

April 11, 2025 CVE published
July 7, 2025 Record updated