PT-2025-42802 · Unknown+1 · Multiboilerplate Extensionmaste+1

Somerandomdeveloper

Published

2025-10-20

Updated

2025-10-20

CVE-2025-62700

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Mediawiki - MultiBoilerplate Extensionmaste versions prior to 1.39

Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on the target server and executed by other users. The vulnerability exists in the MultiBoilerplate Extensionmaste.

Recommendations Update to version 1.39 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-62700

Affected Products

Mediawiki

Multiboilerplate Extensionmaste

PT-2025-42802 · Unknown+1 · Multiboilerplate Extensionmaste+1

CVE-2025-62700

Weakness Enumeration

Related Identifiers

Affected Products

References · 8