CVE Catalog

CVE-2026-58031

UnknownCVSS 0.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

An XSS vulnerability in MediaWiki exists in the ApiSandboxLayout.Js file, allowing an attacker to inject malicious script into a page. The issue affects versions from 1.46.0-rc.0 before 1.46.0.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the victim's context.

Recommendation

Immediately update MediaWiki to version 1.46.0 or later, which includes the fix.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from 1.46.0-rc.0 before 1.46.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS