Mediawiki Proofreadpage Extension
Monthly
Improper input neutralization in the Wikimedia MediaWiki ProofreadPage Extension allows cross-site scripting (XSS) attacks targeting non-script elements via unauthenticated remote requests. The vulnerability has a CVSS 4.0 base score of 6.9 with network-accessible attack vector and low integrity and confidentiality impact. No public exploit code or active exploitation (KEV status) is documented at time of analysis, though the low attack complexity and absence of privilege requirements make this a practical threat to deployed MediaWiki instances using this extension.
Improper input neutralization in the Wikimedia MediaWiki ProofreadPage Extension allows cross-site scripting (XSS) attacks targeting non-script elements via unauthenticated remote requests. The vulnerability has a CVSS 4.0 base score of 6.9 with network-accessible attack vector and low integrity and confidentiality impact. No public exploit code or active exploitation (KEV status) is documented at time of analysis, though the low attack complexity and absence of privilege requirements make this a practical threat to deployed MediaWiki instances using this extension.