StarCitizenWiki/mediawiki-extensions-EmbedVideo, Stored Cross-Site Scripting, CVE-2025-XXXXX (High)

The vulnerability exists because the EmbedVideo extension does not properly sanitize the value of the `data-iframeconfig` attribute provided via wikitext. This attribute’s content is used to dynamically set other attributes on an HTML `