CVE-2026-58032
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
A cross-site scripting (XSS) vulnerability exists in MediaWiki before versions 1.46.0, 1.45.4, 1.44.6, and 1.43.9 in the file resources/src/mediawiki.Api/index.js. Improper input neutralization during web page generation allows injection of malicious scripts.
Risk Assessment
An attacker can exploit this vulnerability to execute arbitrary JavaScript in the victim's browser, potentially leading to session theft, account takeover, or sensitive data leakage.
Recommendation
Immediately upgrade MediaWiki to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9 (or later) which includes a fix for the XSS vulnerability.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

