GHSA-p85q-mww9-gwqf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p85q-mww9-gwqf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-p85q-mww9-gwqf/GHSA-p85q-mww9-gwqf.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-p85q-mww9-gwqf
- Aliases
- Published
- 2025-07-03T21:38:37Z
- Modified
- 2025-07-03T21:57:12.930197Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- Citizen Short Description stored XSS vulnerability through wikitext
- Details
-
Summary
Short descriptions are not properly sanitized by the ShortDescription before being inserted as HTML using
mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page.Details
The description provided by the user via the
{{SHORTDESC:}}parser function is insufficiently sanitized by thesanitize()function, as html entities are decoded: https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/blob/7244b1e8b5cb6dbd7e546c5be7fed8a56e33d065/includes/Hooks/ParserHooks.php#L147-L159 Via JS, the short description is then passed tomw.util.addSubtitle, which inserts it as raw HTML: https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/blob/7244b1e8b5cb6dbd7e546c5be7fed8a56e33d065/modules/ext.shortDescription.js#L8 https://github.com/wikimedia/mediawiki/blob/96372101b3c579d9992e8a31a3ccd90a937cac47/resources/src/mediawiki.util/util.js#L552-L563PoC
- Enable ShortDescription
- Make sure
$wgShortDescriptionEnableTaglineis set totrue(this is the default) - Create a page and insert the following wikitext:
{{SHORTDESC:<img src="" onerror="alert('shortdescription xss')">}} - Visit the page
Impact
Arbitrary HTML can be inserted into the DOM by any user, allowing for JavaScript to be executed.
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2025-07-03T20:15:23Z", "severity": "HIGH", "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2025-07-03T21:38:37Z" }- References
-
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/security/advisories/GHSA-p85q-mww9-gwqf
- https://nvd.nist.gov/vuln/detail/CVE-2025-53369
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription/commit/bc4fdbaeb1dff127fb6d08c0d385b64aa128c8f8
- https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription
Affected packages
Packagist / starcitizentools/short-description
Package
- Name
- starcitizentools/short-description
- Purl
- pkg:composer/starcitizentools/short-description