{"id":79990,"date":"2025-10-02T00:33:14","date_gmt":"2025-10-02T00:33:14","guid":{"rendered":""},"modified":"2025-10-03T15:49:42","modified_gmt":"2025-10-03T21:49:42","slug":"cve-2025-59839-cross-site-scripting-vulnerability-in-embedvideo-extension-for-mediawiki","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-59839-cross-site-scripting-vulnerability-in-embedvideo-extension-for-mediawiki\/","title":{"rendered":"CVE-2025-59839: Cross-Site Scripting Vulnerability in EmbedVideo Extension for MediaWiki<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-59839 is a severe vulnerability affecting the EmbedVideo Extension in MediaWiki’s versions 4.0.0 and prior. This extension is widely used for embedding video clips from various video sharing services into MediaWiki pages. The vulnerability allows an attacker to add arbitrary<\/a> attributes to an HTML element, leading to a stored Cross-Site Scripting (XSS) attack through wikitext. This vulnerability is of grave concern as it opens the potential for system<\/a> compromise and data leakage, which could have dire consequences for any organization using the affected versions of the EmbedVideo Extension.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-59839
\nSeverity: High (8.6 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: Potential system compromise or data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n