Home > Vulnerability Database > CVE-2025-43861

Mend.io Vulnerability Database

CVE-2025-43861

Date: April 24, 2025

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.

Severity Score

4.4

Related Resources (4)

Url: https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43861

Url: https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab

Url: https://www.mend.io/vulnerability-database/CVE-2025-43861

Severity Score

4.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43861

Date: April 24, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?