Key information

Vulnerability ID: CVE-2025-53496
Vulnerability type: Stored XSS (cross-site scripting)
Affected component: MediaSearch extension
Description: The MediaSearch extension allows HTML to be inserted in system messages, leading to stored XSS attacks.
Cause: MediaWiki's MediaSearch extension does not correctly handle user-supplied HTML content, so malicious code is stored and then executed when it is later displayed.
Fixed version: The vulnerability is fixed in MediaWiki 1.41.0-wmf.28 and later.

Other information

Related patches:
- Patch #1: SECURITY: Insert message as text instead of HTML
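
The difference between inserting a system message as HTML and inserting it as text, shown as an added example (not MediaSearch's own code). The message keys, message values and function names are constructed for illustration.

```javascript
// Added example, not MediaSearch source. Keys and values below are constructed.

// Stand-in for on-wiki system message overrides (content editable on the wiki).
const messages = {
  'example-no-results': 'No results found for $1',
  'example-tab-label': 'Images <img src=x onerror=alert(1)>',
};

// Substitute $1, $2, ... in the way MediaWiki message parameters are written.
function substitute(template, params) {
  return template.replace(/\$(\d+)/g, (m, n) =>
    params[n - 1] !== undefined ? String(params[n - 1]) : m);
}

// Escape the HTML-significant characters so the value renders as inert text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the message is concatenated into markup unchanged,
// so any tags stored in the message become part of the page.
function renderAsHtml(key, params = []) {
  return '<span class="label">' + substitute(messages[key], params) + '</span>';
}

// Hardened pattern: the substituted message is treated as text.
function renderAsText(key, params = []) {
  return '<span class="label">' + escapeHtml(substitute(messages[key], params)) + '</span>';
}

// Audit helper: list message keys whose stored value contains markup characters.
function auditMessages(table) {
  return Object.keys(table).filter((k) => /[<>]/.test(table[k]));
}
```

In browser code the text-insertion equivalent is assigning to `textContent` rather than `innerHTML`. `auditMessages` is a coarse review aid for stored message values, not a substitute for inserting as text.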