CVE Catalog

CVE-2026-58035

UnknownCVSS 0.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki due to improper input neutralization during page generation. The issue is located in resource files related to user blocking.

Risk Assessment

An attacker can inject malicious JavaScript, leading to session theft, account takeover, or website defacement.

Recommendation

Immediately update MediaWiki to the latest patched version and implement a Content Security Policy (CSP).

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS