CVE-2025-25287 Lakeus vulnerable to stored XSS via system messages

Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with editinterface...

PT-2025-7070 · Mediawiki · Lakeus

Name of the Vulnerable Software and Affected Versions: Lakeus versions 1.8.0 through 1.3.1 Lakeus versions prior to 1.3.1+REL1.39 Lakeus versions prior to 1.3.1+REL1.42 Lakeus versions prior to 1.4.0 Description: Lakeus is a simple skin made for MediaWiki. It is vulnerable to stored cross-site...