How severe is CVE-2025-43861?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2025-43861?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-43861

MEDIUM Year: 2025

CVSS v3 Score

4.4

Medium

Weakness Type

CWE-79

View all →

Vulnerability Description

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.

CVE-2018-1000062

MEDIUM

CVSS:4.4(Medium)

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbit...

CWE-792018

CVE-2019-14759

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Ra...

CWE-792019

CVE-2019-14760

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder applic...

CWE-792019

CVE-2019-14761

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. A...

CWE-792019

CVE-2020-14445

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Manage...

CWE-792020

CVE-2020-4768

MEDIUM

CVSS:4.4(Medium)

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...

CWE-792020

CVE-2025-43861

Vulnerability Description

Related Vulnerabilities

CVE-2018-1000062

CVE-2019-14759

CVE-2019-14760

CVE-2019-14761

CVE-2020-14445

CVE-2020-4768