{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "1.39.14" }, { "introduced": "1.39.15" }, { "fixed": "1.43.4" }, { "introduced": "1.43.5" }, { "fixed": "1.44.1" } ] }, "events": [ { "introduced": "0" }, { "fixed": "4db15f479679fa4102789af77077c357af462501" }, { "introduced": "0f21d5c6a37f7baa19c33a4f96bc04ab7992ca42" }, { "fixed": "c4b6b0912db6e5e4d3c0368226d4a164a1fc9fc3" }, { "introduced": "b2a11b6991c9aafa44dd5bc743746123849eafb3" }, { "fixed": "02f60e14ba59bfe6d4533054d7951887bc5f3702" } ], "repo": "https://github.com/wikimedia/mediawiki", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "0.16.6" }, { "introduced": "0" }, { "fixed": "0.20.4" }, { "introduced": "0" }, { "fixed": "0.21.1" } ] }, "events": [ { "introduced": "0" }, { "fixed": "622dab8dacffd08ec092071ee78499c62e936391" }, { "introduced": "0" }, { "fixed": "75f04e1f7b6f46af9437a34ecf72b1953c5ab59c" }, { "introduced": "0" }, { "fixed": "73dd5f50537b9f72f70ca53c723124a2d26c1427" } ], "repo": "https://github.com/wikimedia/parsoid", "type": "GIT" } ] } ], "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php.\n\nThis issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.", "id": "CVE-2025-61638", "modified": "2026-04-01T23:08:56.307911605Z", "published": "2026-02-03T00:16:09.617Z", "references": [ { "type": "ADVISORY", "url": "https://phabricator.wikimedia.org/T401099" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }