Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
PR:H reflects required CheckUser privileges; UI:R for victim interaction; S:C for browser-context script execution; no availability impact.
Primary rating from Vendor (wikimedia-foundation).
CVSS VectorVendor: wikimedia-foundation
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser.
This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue.
This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0.
AnalysisAI
Cross-site scripting in the Wikimedia Foundation CheckUser extension (versions 1.46.0-rc.0 up to but not including 1.46.0) allows a high-privileged attacker to inject malicious scripts via the blockConnectedTempAccountsField Vue component used in the Temporary Accounts blocking workflow. Exploitation requires both elevated CheckUser-level privileges and active user interaction from another party, materially constraining real-world risk. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the attacker already holds CheckUser-level privileges on the target MediaWiki installation - a role restricted to a small set of trusted administrators and not available to ordinary registered users or anonymous visitors. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is very low despite the network-accessible vector. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who holds CheckUser-level privileges on a MediaWiki installation running CheckUser 1.46.0-rc.0 crafts a malicious input payload and submits it through the Temporary Accounts block interface, injecting script content into the blockConnectedTempAccountsField. A second privileged user (e.g., another CheckUser or administrator) who subsequently views the block interface encounters the injected script, which executes in their browser, potentially exfiltrating session cookies or performing actions on their behalf. … |
| Remediation | Upgrade CheckUser to version 1.46.0 or later, which corrects the neutralization flaw in the blockConnectedTempAccountsField Vue component. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hija
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Rated medium severity (CVSS 6.5), this vu
Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 expose sensitive information to unauthorized actors throug
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia F
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia F
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41011
GHSA-5m8f-rxqc-4gpj