CVE-2025-53369 · HIGH 8.6 · EPSS p20.4%

Description

Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 4.0.1.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS: 0.29% probability of exploitation · percentile 20.4% · 2026-06-19T12:03:05Z
Published: 2025-07-03
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-79

References

  1. https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commit/bc4fdbaeb1dff127fb6d08c0d385b64aa128c8f8
  2. https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/security/advisories/GHSA-p85q-mww9-gwqf

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') cwe-79 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-53501
CVE-2025-53499
CVE-2025-53495
CVE-2025-46558
CVE-2025-55730
CVE-2025-55729
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.