Home > Vulnerability Database > CVE-2025-59839

Mend.io Vulnerability Database

CVE-2025-59839

Date: September 25, 2025

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. This issue has been patched via commit 4e075d3.

Severity Score

8.6

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59839

Url: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/security/advisories/GHSA-4j5h-mvj3-m48v

Url: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/modules/iframe.js#L139-L155

Url: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/ext.embedVideo.videolink.js#L5-L20

Url: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo

Url: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/commit/4e075d3dc9a15a3ee53f449a684d5ab847e52f01

Url: https://www.mend.io/vulnerability-database/CVE-2025-59839

Severity Score

8.6

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59839

Date: September 25, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?