CVE-2026-58030
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
An XSS vulnerability in the SyntaxHighlight_GeSHi extension for MediaWiki allows an attacker to inject malicious JavaScript code due to improper input neutralization during page generation. The issue is located in includes/SyntaxHighlight.php.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the victim's browser context, potentially compromising data confidentiality and integrity.
Recommendation
Immediately update the SyntaxHighlight_GeSHi extension to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9 depending on the MediaWiki branch in use.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

