Growthexperiments

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-22713 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) in MediaWiki's GrowthExperiments extension (versions 1.39, 1.43, 1.44, 1.45) allows authenticated attackers to inject malicious scripts through improper input validation, with public exploit code available. An attacker with user privileges can exploit this vulnerability to perform actions on behalf of other users or steal sensitive information due to the low complexity attack vector and user interaction requirement. A patch is available for affected installations.

Mediawiki XSS Growthexperiments

NVD

CVSS 3.1

5.4

EPSS

0.0%

CVE-2026-22713

EPSS 0% CVSS 5.4

MEDIUM POC PATCH This Month

Cross-site scripting (XSS) in MediaWiki's GrowthExperiments extension (versions 1.39, 1.43, 1.44, 1.45) allows authenticated attackers to inject malicious scripts through improper input validation, with public exploit code available. An attacker with user privileges can exploit this vulnerability to perform actions on behalf of other users or steal sensitive information due to the low complexity attack vector and user interaction requirement. A patch is available for affected installations.

Mediawiki XSS Growthexperiments

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy