CVE-2026-39935

Summary

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue was remediated only on the master branch.

Affected Software

VendorProductVersion RangeStatus
The Wikimedia FoundationMediawiki - CampaignEvents Extension1.43affected
The Wikimedia FoundationMediawiki - CampaignEvents Extension1.44affected
The Wikimedia FoundationMediawiki - CampaignEvents Extension1.45affected
The Wikimedia FoundationMediawiki - CampaignEvents Extension0 < 1.43affected

Weaknesses

  • CWE-79: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References