CVE-2025-53502

CVE-2025-53502: HTML injection in FeaturedFeeds

Vendor Wikimedia Foundation

Product Mediawiki - FeaturedFeeds Extension

Weakness CWE-20 · Input validation

Published July 3, 2025

Last update July 10, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Input Validation vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - FeaturedFeeds Extension: 1.39.X, 1.42.X, 1.43.X.

Key dates

02Disclosure timeline

July 3, 2025 CVE published

July 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53502

Related vulnerabilities

Identifiers

CVE CVE-2025-53502

CWE CWE-20

Affected versions

Vendor Wikimedia Foundation

Product Mediawiki - FeaturedFeeds Extension

Affected 1.39.x

Vendor Wikimedia Foundation

Product Mediawiki - FeaturedFeeds Extension

Affected 1.42.x

Vendor Wikimedia Foundation

Product Mediawiki - FeaturedFeeds Extension

Affected 1.43.x

CVE-2025-53502: HTML injection in FeaturedFeeds

01Description

02Disclosure timeline

03References

04Related CVE