{"id":"CVE-2025-67475","details":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php.\n\nThis issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.","modified":"2026-07-15T06:09:49.927741Z","published":"2026-02-03T02:16:08.457Z","references":[{"type":"REPORT","url":"https://phabricator.wikimedia.org/T406664"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"c95fc4786beba034fa643062b98a60ccbde831fd"},{"fixed":"c4be99fcac8e32df28c607fe5a98734e83882113"},{"introduced":"8216997ffcc956a610635f07044fb9a3b5dda9d9"},{"fixed":"6f1ddad4f5437224db593396eb121a15580ec6f4"},{"introduced":"858ee255edbe0da2ff8152df403cac2dba2c9948"},{"fixed":"72a8777aa8598d163206f49ac44ec41c818391a0"},{"introduced":"99b4a221a98c0ac1531c3f4e31248562833dbc82"},{"last_affected":"99b4a221a98c0ac1531c3f4e31248562833dbc82"}],"database_specific":{"cpe":["cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"1.39.0"},{"fixed":"1.39.16"},{"introduced":"1.43.0"},{"fixed":"1.43.6"},{"introduced":"1.44.0"},{"fixed":"1.44.3"},{"introduced":"1.45.0"},{"last_affected":"1.45.0"}],"source":["CPE_RANGE","CPE_STRING"]}}],"versions":["1.45.0","1.43.5","1.39.15","1.44.2","1.43.4","1.39.14","1.44.0","1.43.3","1.43.2","1.39.13","1.43.1","1.39.12","1.43.0","1.39.11","1.39.10","1.39.9","1.39.8","1.39.7","1.39.7-alpha-T317451.2","1.39.6","1.39.5","1.39.4","1.39.3","1.39.2","1.39.1","1.39.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67475.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}