CVE-2026-39933

UNKNOWN View on NVD ↗

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS).This issue affects non release branches.

References

https://gerrit.wikimedia.org/r/q/I1fc7b7e1d234b0aaf9f7d782a65da1451577587e
https://phabricator.wikimedia.org/T418179

Published: Apr 07, 2026 22:16 UTC Modified: Apr 07, 2026 22:16 UTC