Medium severityNVD Advisory· Published Apr 7, 2026· Updated Apr 8, 2026
CVE-2026-39933
CVE-2026-39933
Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.
Affected products
1- Range: <1.43.1, <1.44.1, <1.45.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.