CVE Catalog

CVE-2026-58032

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

A cross-site scripting (XSS) vulnerability exists in MediaWiki before versions 1.46.0, 1.45.4, 1.44.6, and 1.43.9 in the file resources/src/mediawiki.Api/index.js. Improper input neutralization during web page generation allows injection of malicious scripts.

Risk Assessment

An attacker can exploit this vulnerability to execute arbitrary JavaScript in the victim's browser, potentially leading to session theft, account takeover, or sensitive data leakage.

Recommendation

Immediately upgrade MediaWiki to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9 (or later) which includes a fix for the XSS vulnerability.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS