CVE-2025-32074

CVE-2025-32074: XSSes in Extension:ConfirmAccount

Vendor The Wikimedia Foundation
Product Mediawiki - Confirm Account Extension
Weakness CWE-116
Published April 11, 2025
Last update July 7, 2025

CVSS base score

What the vulnerability does

01Description

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43.

Key dates

02Disclosure timeline

April 11, 2025 CVE published
July 7, 2025 Record updated