CVE-2025-23079

Name of the Vulnerable Software and Affected Versions Mediawiki - ArticleFeedbackv5 versions 1.42.X through 1.42.2

Description The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). This enables attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft.

Recommendations For versions 1.42.X through 1.42.2, update to a version after 1.42.2 to resolve the issue. As a temporary workaround, consider restricting access to the ArticleFeedbackv5 extension until a patch is available. Avoid using user-inputted data in the affected extension until the issue is resolved.