CVE-2026-39933

Summary

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.

Affected Software

VendorProductVersion RangeStatus
The Wikimedia FoundationMediawiki - GlobalWatchlist Extension1.43unaffected
The Wikimedia FoundationMediawiki - GlobalWatchlist Extension1.44unaffected
The Wikimedia FoundationMediawiki - GlobalWatchlist Extension1.45unaffected
The Wikimedia FoundationMediawiki - GlobalWatchlist Extension0 < 1.43affected

Weaknesses

  • CWE-79: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References