Medium severity 5.4 · NVD Advisory · Published Jul 8, 2025 · Updated Apr 15, 2026

CVE-2025-53480

Description

The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders affected message keys.

This issue affects MediaWiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Reflected XSS in MediaWiki CheckUser's Special:Investigate via unescaped internationalized messages triggered by ?uselang=x-xss.

The CheckUser extension's Special:Investigate page, specifically the Account information tab, is vulnerable to reflected cross-site scripting (XSS) due to improper escaping of certain internationalization (i18n) messages. The vulnerability affects the messages checkuser-investigate-preliminary-table-cell-wiki-nowiki and rev-deleted-user, which are rendered without proper sanitization [1].

An attacker can trigger the XSS by appending ?uselang=x-xss to the URL of the Special:Investigate page. This parameter forces the interface to use a special language code designed to test for unescaped output, causing the vulnerable message keys to execute script content if they contain malicious payloads [1]. No authentication is required for this attack vector, as the page is accessible to anyone who can visit the special page.

Successfully exploiting this vulnerability allows an attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to actions such as session hijacking, defacement, or theft of sensitive information displayed on the page. The attack is reflected and requires the victim to click a crafted link, making it a typical reflected XSS scenario.

The vulnerability is fixed in CheckUser versions 1.39.13, 1.42.7, and 1.43.2, released as part of the MediaWiki security update. Users should upgrade to these or later versions immediately [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
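
The escaping failure described above, as an added example that is not CheckUser's or MediaWiki's own code: `DemoMessage`, the `x-marker` language code and the message strings are constructed stand-ins, while `text()` and `escaped()` mirror the names of MediaWiki's Message methods. It renders the two affected keys raw and escaped, then reports which renderer lets marker markup through.

```php
<?php
// Hypothetical stand-in for a MediaWiki Message object (not the CheckUser code).
final class DemoMessage {
    // Constructed catalogue; the values are placeholders, not the real strings.
    private const EN = [
        'checkuser-investigate-preliminary-table-cell-wiki-nowiki' => 'example.org',
        'rev-deleted-user' => '(username removed)',
    ];

    public function __construct(private string $key, private string $lang) {}

    // Raw message text. In the marker language every key resolves to markup,
    // which is how a test language exposes output that was never escaped.
    public function text(): string {
        if ($this->lang === 'x-marker') { // hypothetical marker language code
            return '<b data-unescaped="' . $this->key . '">' . $this->key . '</b>';
        }
        return self::EN[$this->key] ?? "⧼{$this->key}⧽";
    }

    // HTML-escaped text, safe in element content and quoted attributes.
    public function escaped(): string {
        return htmlspecialchars($this->text(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Before: raw text concatenated into HTML, so markup in the message is live.
function renderCellUnsafe(string $key, string $lang): string {
    return '<td>' . (new DemoMessage($key, $lang))->text() . '</td>';
}

// After: the message is escaped at the point of output.
function renderCellSafe(string $key, string $lang): string {
    return '<td>' . (new DemoMessage($key, $lang))->escaped() . '</td>';
}

// Regression check: render every key in the marker language and return the
// keys whose marker element survives as real markup in the output.
function findUnescaped(callable $render, array $keys): array {
    return array_values(array_filter($keys,
        fn(string $k) => str_contains($render($k, 'x-marker'), '<b data-unescaped=')));
}

$keys = ['checkuser-investigate-preliminary-table-cell-wiki-nowiki', 'rev-deleted-user'];
printf("unsafe renderer leaks: %s\n", implode(', ', findUnescaped('renderCellUnsafe', $keys)) ?: 'none');
printf("safe renderer leaks:   %s\n", implode(', ', findUnescaped('renderCellSafe', $keys)) ?: 'none');
```

The same check can run in CI over every message key a page outputs, so a new raw `text()` call in HTML context fails the build.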
