Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2025-61642

CVE-2025-61642

MEDIUM6.1

Stored XSS through system messages provided to CodexHtmlForms

Published Feb 2, 2026

Modified 3 months ago

Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php.

This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

References

https://phabricator.wikimedia.org/T402313

https://www.cve.org/CVERecord?id=CVE-2025-61642

CVSS Analysis

CVSS v4.0

0.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

PresentAT:P

Privileges Required

HighPR:H

User Interaction

PassiveUI:P

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

0/CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Weakness Type (CWE)

Injection

Cross-site Scripting (XSS)

Ecosystems

Timeline

PublishedFeb 2, 2026

ModifiedFeb 3, 2026

CVE-2025-61642 | Mondoo Vulnerability Intelligence