CVE-2025-53486

CVE-2025-53486 affects MediaWiki WikiCategoryTagCloud extension via reflected XSS in the linkstyle attribute. The issue arises because the value is passed through Sanitizer::checkCss() (which does not escape HTML) and concatenated into a style attribute instead of using proper HTML element creati...

CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function

The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...

Wikimedia Mediawiki - WikiCategoryTagCloud Extension 安全漏洞

Wikimedia Mediawiki - WikiCategoryTagCloud Extension is an extension for Wiki by the Wikimedia Foundation. A security vulnerability exists in Wikimedia Mediawiki - WikiCategoryTagCloud Extension versions prior to 1.39.13, prior to 1.42.7, and prior to 1.43.2, which stems from the linkstyle...