CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function

🗓️ 07 Jul 2025 15:07:44Reported by wikimedia-foundationType

Vulnerability in WikiCategoryTagCloud allows reflected XSS via linkstyle attribute resulting in JavaScript execution

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-53486	7 Jul 202515:14	–	circl
CNNVD	Wikimedia Mediawiki - WikiCategoryTagCloud Extension 安全漏洞	7 Jul 202500:00	–	cnnvd
CVE	CVE-2025-53486	7 Jul 202515:07	–	cve
EUVD	EUVD-2025-20242	3 Oct 202520:07	–	euvd
NVD	CVE-2025-53486	7 Jul 202515:15	–	nvd
Positive Technologies	PT-2025-28177 · Mediawiki · Mediawiki - Wikicategorytagcloud Extension	7 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-53486	9 Jul 202515:14	–	redhatcve
Vulnrichment	CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function	7 Jul 202515:07	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Mediawiki - WikiCategoryTagCloud extension",
    "vendor": "Wikimedia Foundation",
    "versions": [
      {
        "lessThan": "1.39.13",
        "status": "affected",
        "version": "1.39.x",
        "versionType": "semver"
      },
      {
        "lessThan": "1.42.7",
        "status": "affected",
        "version": "1.42.x",
        "versionType": "semver"
      },
      {
        "lessThan": "1.43.2",
        "status": "affected",
        "version": "1.43.x",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
phabricator	www.phabricator.wikimedia.org/T394590
gerrit	www.gerrit.wikimedia.org/r/q/Idd68cf2372aedd916687d30b1bd09ebb48fcfd17

07 Jul 2025 15:07Current

EPSS0.0021

CWE-79