Bug 2436122 (CVE-2025-6594) - CVE-2025-6594 MediaWiki: MediaWiki: Cross-site Scripting vulnerability via improper input neutralization
Summary: CVE-2025-6594 MediaWiki: MediaWiki: Cross-site Scripting vulnerability via im...
Keywords:
Status: NEW
Alias: CVE-2025-6594
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2436192 2436191
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-02-03 00:02 UTC by OSIDB Bzimport
Modified: 2026-02-03 03:17 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-02-03 00:02:41 UTC
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js.

This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.


Note You need to log in before you can comment on or make changes to this bug.