CVE-2025-53489
📋 TL;DR
This CVE describes a cross-site scripting (XSS) vulnerability in the MediaWiki GoogleDocs4MW extension that allows attackers to inject malicious scripts into web pages. The vulnerability affects MediaWiki installations using the GoogleDocs4MW extension versions 1.42.X before 1.42.7 and 1.43.X before 1.43.2. Users viewing pages with malicious content could have their sessions hijacked or be redirected to malicious sites.
💻 Affected Systems
- MediaWiki GoogleDocs4MW Extension
📦 What is this software?
GoogleDocs4MW by Jack Phoenix
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect users to malicious sites, or install malware through drive-by downloads.
Likely Case
Session hijacking, credential theft, or defacement of wiki pages through injected content.
If Mitigated
Limited impact if Content Security Policy (CSP) headers are properly configured and user input validation is enforced elsewhere.
🎯 Exploit Status
XSS vulnerabilities typically require user interaction or specific page access. The vulnerability is in input handling during web page generation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.42.7 or 1.43.2
Vendor Advisory: https://phabricator.wikimedia.org/T395949
Restart Required: No
Instructions:
1. Update the GoogleDocs4MW extension to version 1.42.7 (for MediaWiki 1.42.X) or 1.43.2 (for MediaWiki 1.43.X).
2. Verify the update by checking the extension version on MediaWiki's Special:Version page.
🔧 Temporary Workarounds
Disable GoogleDocs4MW Extension
Temporarily disable the vulnerable extension until patching is possible
Edit LocalSettings.php and comment out or remove: wfLoadExtension('GoogleDocs4MW');
Implement Content Security Policy
Add CSP headers to mitigate XSS impact
Add to web server config or .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';"
Adjust directives to what the wiki actually needs. As written, 'unsafe-inline' in script-src still lets injected inline scripts and event handlers execute, so this header only meaningfully mitigates this XSS once that source is removed (for example in favour of nonces) and the wiki's own scripts still load.
🧯 If You Can't Patch
- Implement strict input validation and output encoding for all user-supplied content
- Enable HTTP-only and secure flags on session cookies to limit XSS impact
🔍 How to Verify
Check if Vulnerable:
Check the GoogleDocs4MW extension version on MediaWiki's Special:Version page. If the version is 1.42.0-1.42.6 or 1.43.0-1.43.1, the system is vulnerable.
Check Version:
Navigate to https://your-wiki/Special:Version and look for GoogleDocs4MW extension version
Verify Fix Applied:
After updating, verify that the GoogleDocs4MW extension shows version 1.42.7 or 1.43.2 on the Special:Version page.
📡 Detection & Monitoring
Log Indicators:
- Unusual script tags or JavaScript in page edit logs
- Suspicious user input containing script tags or JavaScript events
Network Indicators:
- Unexpected external script loads from wiki pages
- Suspicious redirects from wiki pages
SIEM Query:
source="mediawiki_logs" AND (message="*<script>*" OR message="*javascript:*" OR message="*onerror=*" OR message="*onload=*")
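The SIEM query above only matches the four indicators literally. The added example below (not part of the advisory or the extension) applies the same four indicators to constructed MediaWiki edit-log lines, but matches case-insensitively and after undoing URL- and HTML-entity encoding, so variants such as `%3CScRiPt%3E` are also flagged while a plain word like "onload" without `=` is not.

```python
"""Scan MediaWiki log lines for the XSS indicators from the SIEM query.

Added example with constructed sample lines; not from the advisory or the extension."""
import html
import re
from urllib.parse import unquote

# The four indicators from the SIEM query, matched case-insensitively and with
# whitespace tolerated after '<' so `< script>` and `<SCRIPT>` also match.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "onerror_handler": re.compile(r"\bonerror\s*=", re.IGNORECASE),
    "onload_handler": re.compile(r"\bonload\s*=", re.IGNORECASE),
}

def normalise(text: str) -> str:
    """Undo URL-encoding and HTML entities (two rounds, for double encoding)
    so %3Cscript%3E or &lt;script&gt; are matched like the plain form."""
    for _ in range(2):
        text = html.unescape(unquote(text))
    return text

def find_indicators(line: str) -> list[str]:
    """Return the names of the indicators present in one log line."""
    decoded = normalise(line)
    return [name for name, rx in INDICATORS.items() if rx.search(decoded)]

def scan(lines):
    """Return (line_number, indicators) for every line that has at least one hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        found = find_indicators(line)
        if found:
            hits.append((n, found))
    return hits

# Constructed sample log: lines 2-4 imitate suspicious edit entries, 1 and 5 are benign.
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z edit user=alice page=Main_Page summary='fix typo'",
    "2025-01-01T10:01:00Z edit user=mallory page=Sandbox content='<img src=x onerror=alert(1)>'",
    "2025-01-01T10:02:00Z edit user=mallory page=Sandbox content='%3CScRiPt%3Ealert(2)%3C/script%3E'",
    "2025-01-01T10:03:00Z edit user=mallory page=Sandbox content='<a href=\"JavaScript:void(0)\">x</a>'",
    "2025-01-01T10:04:00Z edit user=bob page=Help summary='document onload ordering'",
]

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(found)}")
```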