CVE-2025-53369 – MediaWiki Short Description Cross-Site Scripting

July 3, 2025

CVE ID : CVE-2025-53369

Published : July 3, 2025, 8:15 p.m. | 3 hours, 14 minutes ago

Description : Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 4.0.1.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

Next Article CVE-2025-53370 – Citizen MediaWiki Cross-Site Scripting (XSS)

Highlights

CVE-2025-43713 – ASNA Assist and ASNA Registrar Deserialization Vulnerability

July 3, 2025

CVE ID : CVE-2025-43713

Published : July 3, 2025, 2:15 p.m. | 41 minutes ago

Description : ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-53369 – MediaWiki Short Description Cross-Site Scripting

CVE-2025-5372 – OpenSSL SSH Key Derivation Buffer Initialization Vulnerability

CVE-2025-6944 – Uncode Core WordPress Stored Cross-Site Scripting

CVE-2025-48495 – Gokapi Cross-Site Scripting (XSS)

AlphaGenome: AI for better understanding the genome

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

CVE-2025-6358 – Code-Projects Simple Pizza Ordering System SQL Injection Vulnerability

CVE-2025-43713 – ASNA Assist and ASNA Registrar Deserialization Vulnerability

CVE-2025-5825 – Autel MaxiCharger AC Wallbox Commercial Firmware Remote Code Execution Vulnerability

CVE-2025-32002 – I-O DATA HDL-T Series OS Command Injection

VS meldt actief misbruik van kritiek lek in Erlang Erlang/OTP SSH Server

CVE-2025-53369 – MediaWiki Short Description Cross-Site Scripting

Related Posts