CVE-2025-32073
📋 TL;DR
This CVE describes an improper input validation vulnerability in MediaWiki's HTML Tags extension that allows cross-site scripting (XSS) attacks. Attackers can inject malicious scripts that execute in users' browsers when they view specially crafted content. This affects MediaWiki installations running HTML Tags extension versions 1.39 through 1.43.
💻 Affected Systems
- MediaWiki HTML Tags extension
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, deface pages, or redirect users to malicious sites, potentially compromising entire user accounts and administrative functions.
Likely Case
Attackers with edit permissions could embed malicious scripts in pages that execute when other users view those pages, leading to session hijacking or credential theft.
If Mitigated
With proper input sanitization and Content Security Policy headers, the impact is limited to script execution in specific contexts, though data exfiltration remains possible.
🎯 Exploit Status
Exploitation requires the ability to edit pages with HTML tags. The vulnerability is in input validation for HTML tag attributes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.43.1 or later
Vendor Advisory: https://phabricator.wikimedia.org/T386337
Restart Required: No
Instructions:
1. Update the HTML Tags extension to version 1.43.1 or later. 2. If using MediaWiki 1.39-1.42, backport the fix from the provided gerrit link. 3. Clear any caches after updating.
🔧 Temporary Workarounds
Disable HTML Tags extension
allTemporarily disable the vulnerable extension until patching is possible
Remove or comment out wfLoadExtension('HTMLTags'); from LocalSettings.php
Restrict edit permissions
allLimit who can edit pages containing HTML tags to trusted users only
🧯 If You Can't Patch
- Implement strict Content Security Policy headers to mitigate XSS impact
- Enable MediaWiki's built-in XSS protection features and sanitization filters
🔍 How to Verify
Check if Vulnerable:
Check the HTML Tags extension version in MediaWiki's Special:Version page or examine the extension's version fileCheck Version:
grep -r 'HTMLTags.*version' /path/to/mediawiki/extensions/HTMLTags/ || php /path/to/mediawiki/maintenance/showSiteStats.phpVerify Fix Applied:
Verify the HTML Tags extension version is 1.43.1 or later, and test that HTML tag attributes are properly sanitized📡 Detection & Monitoring
Log Indicators:
- Unusual edit patterns to pages with HTML tags
- Multiple failed sanitization attempts in MediaWiki logs
Network Indicators:
- Unexpected outbound connections from MediaWiki servers after page views
- Suspicious JavaScript payloads in HTTP requests
SIEM Query:
source="mediawiki.log" AND ("HTMLTags" OR "XSS" OR "script injection")