PT-2025-28474 · Mediawiki · Mediawiki
Dreamy_Jazz · Published 2025-07-08 · Updated 2025-07-08 · CVE-2025-53480
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Mediawiki - CheckUser extension versions 1.39.0 through 1.39.12
Mediawiki - CheckUser extension versions 1.42.0 through 1.42.6
Mediawiki - CheckUser extension versions 1.43.0 through 1.43.1
Description:
The Account information tab of the Special:Investigate page renders specific internationalized messages without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, which causes reflected XSS when the UI renders the affected message keys.
Recommendations:
For versions 1.39.0 through 1.39.12, update to version 1.39.13 or later.
For versions 1.42.0 through 1.42.6, update to version 1.42.7 or later.
For versions 1.43.0 through 1.43.1, update to version 1.43.2 or later.
Fix
XSS
Affected Products
Mediawiki