Checkuser
CVE-2025-61648
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/SpecialBlock.Js.
This issue affects CheckUser: from * before 1.44.1.
AnalysisAI
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/SpecialBlock.Js.
This issue affects CheckUser: from * before 1.44.1.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hija
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Rated medium severity (CVSS 6.5), this vu
Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 expose sensitive information to unauthorized actors throug
Cross-site scripting in the Wikimedia Foundation CheckUser extension (versions 1.46.0-rc.0 up to but not including 1.46.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia F
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today