PT-2025-42665 · Mediawiki · Mediawiki Webauthn Extension

Roan Kattouw

Published

2025-10-17

Updated

2025-10-18

CVE-2025-62652

CVSS v4.0

5.9

Medium

Vector

AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:L/U:Amber

Name of the Vulnerable Software and Affected Versions MediaWiki WebAuthn extension versions 1.39, 1.43, and 1.44

Description A flaw exists in the MediaWiki WebAuthn extension related to improper input handling during web page generation, leading to a Stored Cross-site Scripting issue. This allows for the injection of malicious scripts. The affected component is the WebAuthn extension.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-62652

Affected Products

Mediawiki Webauthn Extension

PT-2025-42665 · Mediawiki · Mediawiki Webauthn Extension

CVE-2025-62652

Weakness Enumeration

Related Identifiers

Affected Products

References · 6