CVE-2025-32073 - Vulnerability Details - OpenCVE

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/HTMLTags/+/1121056
https://phabricator.wikimedia.org/T386337

History

Thu, 03 Jul 2025 17:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV4_0 `{'score': 10.0, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Thu, 03 Jul 2025 16:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV4_0 `{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`	cvssV4_0 `{'score': 10.0, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Fri, 11 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 11 Apr 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description		Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.
Title		System message XSS in HTMLTags
Weaknesses		CWE-20
References		https://gerrit.wikimedia.org/r/c/mediawiki/extensions/HTMLTags/+/1121056 https://phabricator.wikimedia.org/T386337
Metrics		cvssV4_0 `{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: wikimedia-foundation

Published: 2025-04-11T16:22:47.728Z

Updated: 2025-07-03T16:28:44.953Z

Reserved: 2025-04-03T21:56:59.952Z

Link: CVE-2025-32073

Vulnrichment

Updated: 2025-04-11T16:58:37.194Z

NVD

Status : Awaiting Analysis

Published: 2025-04-11T17:15:43.973

Modified: 2025-07-03T17:15:38.940

Link: CVE-2025-32073

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32073", "assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "state": "PUBLISHED", "assignerShortName": "wikimedia-foundation", "dateReserved": "2025-04-03T21:56:59.952Z", "datePublished": "2025-04-11T16:22:47.728Z", "dateUpdated": "2025-07-03T16:28:44.953Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mediawiki - HTML Tags", "vendor": "The Wikimedia Foundation", "versions": [{"lessThanOrEqual": "1.43", "status": "affected", "version": "1.39", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "BlankEclair"}, {"lang": "en", "type": "finder", "value": "Yaron_Koren"}], "datePublic": "2025-04-11T00:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).<p>This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.</p>"}], "value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "shortName": "wikimedia-foundation", "dateUpdated": "2025-07-03T16:28:44.953Z"}, "references": [{"url": "https://phabricator.wikimedia.org/T386337"}, {"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/HTMLTags/+/1121056"}], "source": {"discovery": "UNKNOWN"}, "title": "System message XSS in HTMLTags", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-11T16:58:30.720359Z", "id": "CVE-2025-32073", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:58:42.492Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32073", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-11T16:58:30.720359Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:58:37.194Z"}}], "cna": {"title": "System message XSS in HTMLTags", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "BlankEclair"}, {"lang": "en", "type": "finder", "value": "Yaron_Koren"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "The Wikimedia Foundation", "product": "Mediawiki - HTML Tags", "versions": [{"status": "affected", "version": "1.39", "versionType": "semver", "lessThanOrEqual": "1.43"}], "defaultStatus": "unaffected"}], "datePublic": "2025-04-11T00:54:00.000Z", "references": [{"url": "https://phabricator.wikimedia.org/T386337"}, {"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/HTMLTags/+/1121056"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.", "supportingMedia": [{"type": "text/html", "value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).<p>This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "shortName": "wikimedia-foundation", "dateUpdated": "2025-07-03T16:28:44.953Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32073", "state": "PUBLISHED", "dateUpdated": "2025-07-03T16:28:44.953Z", "dateReserved": "2025-04-03T21:56:59.952Z", "assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "datePublished": "2025-04-11T16:22:47.728Z", "assignerShortName": "wikimedia-foundation"}, "dataVersion": "5.1"}