PT-2026-2256 · Unknown · Wikibase Extension For Mediawiki
Somerandomdeveloper
·
Published
2026-01-08
·
Updated
2026-01-09
·
CVE-2026-22710
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mediawiki - Wikibase Extension versions 1.39 through 1.45
Description
The Mediawiki - Wikibase Extension is susceptible to a Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts. The issue occurs through the autocomment system messages within Wikibase.
Recommendations
Update Mediawiki - Wikibase Extension to a version later than 1.45.
Update Mediawiki - Wikibase Extension to a version later than 1.44.
Update Mediawiki - Wikibase Extension to a version later than 1.43.
Update Mediawiki - Wikibase Extension to a version later than 1.39.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wikibase Extension For Mediawiki