Skip to main content

Mediawiki Globalwatchlist Extension

1 CVEs product

Monthly

CVE-2026-39933 MEDIUM This Month

Cross-site scripting (XSS) in Wikimedia Foundation's MediaWiki GlobalWatchlist Extension enables unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers with critical impact across confidentiality, integrity, and availability (CVSS 10.0). This vulnerability affects only non-release development branches, not production deployments. No public exploit identified at time of analysis, though the publicly accessible Phabricator task and Gerrit code review may facilitate proof-of-concept development.

XSS Mediawiki Globalwatchlist Extension
NVD
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 6.9
MEDIUM This Month

Cross-site scripting (XSS) in Wikimedia Foundation's MediaWiki GlobalWatchlist Extension enables unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers with critical impact across confidentiality, integrity, and availability (CVSS 10.0). This vulnerability affects only non-release development branches, not production deployments. No public exploit identified at time of analysis, though the publicly accessible Phabricator task and Gerrit code review may facilitate proof-of-concept development.

XSS Mediawiki Globalwatchlist Extension
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy