CVE-2025-7056

Stored XSS in UrlShortener

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - UrlShortener Extension allows Stored XSS.This issue affects Mediawiki - UrlShortener Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

INFO

Published Date :

2025-07-07T13:57:25.974Z

Last Modified :

2025-07-10T23:28:45.730Z

Source :

wikimedia-foundation

AFFECTED PRODUCTS

The following products are affected by CVE-2025-7056 vulnerability.

Vendors	Products
Mediawiki	Mediawiki

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-7056.

URL	Resource
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UrlShortener/+/1166268
https://phabricator.wikimedia.org/T394869

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact