CVE-2025-53484 – Mediawiki SecurePoll Stored Cross-Site Scripting

CVE ID : CVE-2025-53484

Published : July 4, 2025, 6:15 p.m. | 44 minutes ago

Description : User-controlled inputs are improperly escaped in:

*
VotePage.php (poll option input)

*
ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)

This allows attackers to inject JavaScript and compromise user sessions under certain conditions.

This issue affects Mediawiki – SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…