CVE-2026-39838

UNKNOWN View on NVD ↗

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements.This issue affects .

References

https://gerrit.wikimedia.org/r/q/Idd51e18479b32b7176b43ff74ca1c49d6bdd0628
https://phabricator.wikimedia.org/T406088

Published: Apr 07, 2026 20:16 UTC Modified: Apr 07, 2026 20:16 UTC