Skip to main content

Syntaxhighlight Geshi

1 CVEs product

Monthly

CVE-2026-58030 MEDIUM PATCH This Month

Cross-site scripting in the Wikimedia Foundation SyntaxHighlight_GeSHi MediaWiki extension allows authenticated users to inject unsanitized input via the syntax highlighting interface, with malicious script executing in victims' browsers upon page view. The flaw originates in includes/SyntaxHighlight.php and affects all versions prior to branch-specific fixes at 1.46.0, 1.45.4, 1.44.6, and 1.43.9. No public exploit code or active exploitation has been identified at time of analysis, and the CVSS 4.0 score of 5.3 (Medium) reflects limited confidentiality impact scoped to the vulnerable system.

XSS PHP Syntaxhighlight Geshi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Cross-site scripting in the Wikimedia Foundation SyntaxHighlight_GeSHi MediaWiki extension allows authenticated users to inject unsanitized input via the syntax highlighting interface, with malicious script executing in victims' browsers upon page view. The flaw originates in includes/SyntaxHighlight.php and affects all versions prior to branch-specific fixes at 1.46.0, 1.45.4, 1.44.6, and 1.43.9. No public exploit code or active exploitation has been identified at time of analysis, and the CVSS 4.0 score of 5.3 (Medium) reflects limited confidentiality impact scoped to the vulnerable system.

XSS PHP Syntaxhighlight Geshi
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy