CVE-2026-39936

Summary

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.

Affected Software

VendorProductVersion RangeStatus
The Wikimedia FoundationMediawiki - Score Extension1.43unaffected
The Wikimedia FoundationMediawiki - Score Extension1.44unaffected
The Wikimedia FoundationMediawiki - Score Extension1.45unaffected
The Wikimedia FoundationMediawiki - Score Extension0 < 1.43affected

Weaknesses

  • CWE-79: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References