{
  "threat_severity" : "Important",
  "public_date" : "2026-02-03T00:13:23Z",
  "bugzilla" : {
    "description" : "MediaWiki: MediaWiki: Cross-site scripting vulnerability allows information disclosure via improper input neutralization",
    "id" : "2436160",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2436160"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-79",
  "details" : [ "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php.\nThis issue affects MediaWiki: from * before 1.44.1.", "A flaw was found in MediaWiki. This cross-site scripting (XSS) vulnerability, located in the includes/pager/CodexTablePager.Php program file, allows an attacker to inject malicious scripts into web pages. This can lead to information disclosure, where sensitive user data might be exposed, or enable an attacker to perform actions on behalf of the user within their browser session." ],
  "statement" : "A cross-site scripting (XSS) vulnerability exists in the CodexTablePager component of MediaWiki due to improper neutralization of input during web page generation. This flaw could allow an authenticated attacker with high privileges to inject malicious scripts, potentially leading to unauthorized actions or information disclosure within the affected MediaWiki instance. This issue affects MediaWiki versions before 1.44.1, as distributed in Fedora.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-61645\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61645\nhttps://phabricator.wikimedia.org/T403761" ],
  "name" : "CVE-2025-61645",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}