CVE-2025-53480

🗓️ 08 Jul 2025 14:58:37Reported by wikimedia-foundationType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 11 Views

Vulnerability in CheckUser extension allows XSS via unescaped messages in Account info tab URL parameter.

Reporter	Title	Published	Views	Family All 7
CNNVD	Wikimedia Mediawiki - CheckUser Extension 安全漏洞	8 Jul 202500:00	–	cnnvd
Cvelist	CVE-2025-53480 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages	8 Jul 202514:58	–	cvelist
EUVD	EUVD-2025-20516	3 Oct 202520:07	–	euvd
NVD	CVE-2025-53480	8 Jul 202515:15	–	nvd
Positive Technologies	PT-2025-28474 · Mediawiki · Mediawiki	8 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-53480	10 Jul 202515:27	–	redhatcve
Vulnrichment	CVE-2025-53480 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages	8 Jul 202514:58	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Mediawiki - CheckUser extension",
    "vendor": "Wikimedia Foundation",
    "versions": [
      {
        "lessThan": "1.39.13",
        "status": "affected",
        "version": "1.39.x",
        "versionType": "semver"
      },
      {
        "lessThan": "1.42.7",
        "status": "affected",
        "version": "1.42.x",
        "versionType": "semver"
      },
      {
        "lessThan": "1.43.2",
        "status": "affected",
        "version": "1.43.x",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
phabricator	www.phabricator.wikimedia.org/T394700
gerrit	www.gerrit.wikimedia.org/r/q/I777fc55fef15c3b00df0db268af2b64cb2d6e381

15 Apr 2026 00:35Current

6Medium risk

Vulners AI Score6

CVSS 3.15.4

EPSS0.00129

SSVC

CWE-79