CVE-2025-61648

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Wikimedia Foundation CheckUser versions prior to 1.44.1

Description The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting (XSS). The issue is found in program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue and modules/ext.CheckUser.TempAccounts/SpecialBlock.Js.

Recommendations Update to CheckUser version 1.44.1 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-61648

Affected Products

Checkuser

CVE-2025-61648

Weakness Enumeration

Related Identifiers

Affected Products

References · 4