{"id":"CVE-2025-61637","details":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js.\n\nThis issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.","modified":"2026-04-10T05:32:40.351145Z","published":"2026-02-03T00:16:09.480Z","references":[{"type":"REPORT","url":"https://phabricator.wikimedia.org/T394856"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"0"},{"fixed":"4db15f479679fa4102789af77077c357af462501"},{"introduced":"0f21d5c6a37f7baa19c33a4f96bc04ab7992ca42"},{"fixed":"c4b6b0912db6e5e4d3c0368226d4a164a1fc9fc3"},{"introduced":"b2a11b6991c9aafa44dd5bc743746123849eafb3"},{"fixed":"02f60e14ba59bfe6d4533054d7951887bc5f3702"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.39.14"},{"introduced":"1.39.15"},{"fixed":"1.43.4"},{"introduced":"1.43.5"},{"fixed":"1.44.1"}]}}],"versions":["1.1.0","1.3.0beta1","1.39.0","1.39.0-rc.0","1.39.0-rc.1","1.39.1","1.39.10","1.39.11","1.39.12","1.39.13","1.39.2","1.39.3","1.39.4","1.39.5","1.39.6","1.39.7","1.39.8","1.39.9","1.43.0","1.43.0-rc.0","1.43.1","1.43.2","1.43.3","1.44.0","1.44.0-rc.0","1.5.0alpha1","1.5.0alpha2","1.5.0beta1","1.5.0beta2","1.5.0beta3","1.5.0beta4","1.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61637.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}