CVE-2025-62659

The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0.

INFO

Published Date :

2025-10-22T15:31:28.899Z

Last Modified :

2025-10-22T15:46:23.973Z

Source :

wikimedia-foundation

AFFECTED PRODUCTS

The following products are affected by CVE-2025-62659 vulnerability.

Vendors	Products
Mediawiki	Cookieconsent Mediawiki

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62659.

URL	Resource
https://phabricator.wikimedia.org/T404475

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability