CVE-2025-3469

i18n XSS vulnerability in HTMLMultiSelectField when sections are used

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

INFO

Published Date :

2025-04-10T18:28:13.370Z

Last Modified :

2025-04-10T19:06:36.330Z

Source :

wikimedia-foundation

AFFECTED PRODUCTS

The following products are affected by CVE-2025-3469 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-3469.

URL	Resource
https://phabricator.wikimedia.org/T358689

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability