PT-2025-39387 · Mediawiki · Embedvideo Extension

Published 2025-09-24 · Updated 2025-09-25 · CVE-2025-59839

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

EmbedVideo Extension versions prior to 4.0.0

Description

The EmbedVideo Extension for MediaWiki, which includes a parser function called #ev and parser tags for embedding video clips, contains a flaw. Versions 4.0.0 and earlier permit the addition of arbitrary attributes to an HTML element, potentially leading to stored cross-site scripting (XSS) through wikitext. The issue was addressed with commit 4e075d3.

Recommendations

Update to EmbedVideo Extension version 4.0.0 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-59839
GHSA-4J5H-MVJ3-M48V

Affected Products

Embedvideo Extension