CVE-2025-53369
HIGHShortDescription 4.0.0 - Stored Cross-Site Scripting via mw.util.addSubtitle
Title source: llmDescription
Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 4.0.1.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/security/advisories/GHSA-p85q-mww9-gwqf
Scores
CVSS v3
8.6
EPSS
0.0029
EPSS Percentile
20.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (3)
StarCitizenTools/mediawiki-extensions-ShortDescription
>= 05f6c6824f8f37dcc2d51cf6df4e7a09bea2196c, < 2c18bd21c5de53c336f55b6ff42f2983ea5796b4
StarCitizenTools/mediawiki-extensions-ShortDescription
>= 4.0.0, < 4.0.1
starcitizentools/short-description
4.0.0 - 4.0.1Packagist
Published
Jul 03, 2025
Tracked Since
Feb 18, 2026