CVE Catalog
CVE-2026-58035
UnknownCVSS 0.0Exploitation Probability (EPSS)
Low risk0.25%
16th percentile — higher than 16% of all known CVEs
Summary
Cross-site scripting (XSS) vulnerability in MediaWiki due to improper input neutralization during page generation. The issue is located in resource files related to user blocking.
Risk Assessment
An attacker can inject malicious JavaScript, leading to session theft, account takeover, or website defacement.
Recommendation
Immediately update MediaWiki to the latest patched version and implement a Content Security Policy (CSP).
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue.

