Critical severity9.8NVD Advisory· Published Jul 4, 2025· Updated Apr 15, 2026
CVE-2025-53484
CVE-2025-53484
Description
User-controlled inputs are improperly escaped in:
* VotePage.php (poll option input)
* ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)
This allows attackers to inject JavaScript and compromise user sessions under certain conditions.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=1.39.0,<1.39.13,>=1.42.0,<1.42.7,>=1.43.0,<1.43.2
- Range: >=1.39.0 <1.39.13, >=1.42.0 <1.42.7, >=1.43.0 <1.43.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.