Bug 2436160 (CVE-2025-61645)
| Summary: | CVE-2025-61645 MediaWiki: MediaWiki: Cross-site scripting vulnerability allows information disclosure via improper input neutralization | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in MediaWiki. This cross-site scripting (XSS) vulnerability, located in the includes/pager/CodexTablePager.php program file, allows an attacker to inject malicious scripts into web pages. This can lead to information disclosure, where sensitive user data might be exposed, or enable an attacker to perform actions on behalf of the user within their browser session. | Story Points: | --- |
| Bug Depends On: | 2436250, 2436251 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2026-02-03 01:01:11 UTC