Login Sign Up

CVE-2025-43861

4.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

ManageWiki extension for MediaWiki has a cross-site scripting vulnerability where logged-in attackers can inject malicious scripts into form fields. When the 'Review Changes' dialog is opened, the payload executes in the victim's session context. This affects all MediaWiki installations using vulnerable ManageWiki versions.

💻 Affected Systems

Products:
  • ManageWiki MediaWiki extension
Versions: All versions prior to commit 2f177dc
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ManageWiki extension to be installed and enabled on MediaWiki.

📦 What is this software?

Managewiki by Miraheze

View all CVEs affecting Managewiki →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker steals admin session cookies, performs unauthorized actions, or compromises user accounts through session hijacking.

🟠

Likely Case

Attacker performs limited session hijacking or defacement within the affected user's permissions.

🟢

If Mitigated

Minimal impact if proper input validation and output encoding are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires attacker to be logged in and have access to modify form fields, then trigger the review dialog.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 2f177dc or later

Vendor Advisory: https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv

Restart Required: No

Instructions:

1. Update ManageWiki to commit 2f177dc or later. 2. Apply the patch from GitHub. 3. Clear any cached data. 4. Verify the fix by testing the review dialog functionality.

🔧 Temporary Workarounds

Disable ManageWiki extension

all

Temporarily disable the ManageWiki extension until patched

Edit LocalSettings.php and comment out wfLoadExtension('ManageWiki');

Restrict user permissions

all

Limit which users can access ManageWiki functionality

Configure MediaWiki permissions to restrict ManageWiki access to trusted users only

🧯 If You Can't Patch

  • Implement Content Security Policy headers to restrict script execution
  • Enable MediaWiki's built-in XSS protection features

🔍 How to Verify

Check if Vulnerable:

Check ManageWiki version against commit hash 2f177dc. If earlier, vulnerable.

Check Version:

Check git log or extension version in MediaWiki configuration

Verify Fix Applied:

Test the review dialog with script payloads to ensure they are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual form submissions with script tags
  • Multiple review dialog accesses from same user

Network Indicators:

  • Script injection patterns in HTTP requests

SIEM Query:

Search for pattern: *<script>* in form field submissions to ManageWiki endpoints

📊 Metadata

CVE ID: CVE-2025-43861
CVSS v3 Score: 4.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.05% exploit probability (16.7th percentile)
Published: April 24, 2025
Last Updated: September 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-43861, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)