PT-2025-17856 · Mediawiki · Managewiki

Universal-Omega · Published 2025-04-24 · Updated 2025-04-25 · CVE-2025-43861

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: ManageWiki versions prior to commit 2f177dc

Description: The issue concerns a reflected or stored XSS vulnerability in the review dialog of ManageWiki, a MediaWiki extension. An attacker with a logged-in session can exploit this by modifying a form field to include a malicious payload. When the "Review Changes" dialog is opened, the payload is rendered and executed within the attacker's own session context.

Recommendations: For versions prior to commit 2f177dc, update to a version that includes the patch from commit 2f177dc to resolve the issue. As a temporary workaround, consider restricting access to the review dialog until the patch is applied. Avoid using the review dialog with untrusted input until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-43861
GHSA-859X-46H8-VCRV

Affected Products

Managewiki