πŸ” CVE Alert

CVE-2026-39935

UNKNOWN 0.0

XSS-via-i18n in localised wiki names

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
15th

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS).Β This issue was remediated only on the `master` branch.

CWE CWE-79
Vendor the wikimedia foundation
Product mediawiki - campaignevents extension
Published Apr 7, 2026
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for the wikimedia foundation mediawiki - campaignevents extension

Be the first to know when new unknown vulnerabilities affecting the wikimedia foundation mediawiki - campaignevents extension are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

The Wikimedia Foundation / Mediawiki - CampaignEvents Extension
1.43 1.44 1.45 0 < 1.43

References

NVD β†— CVE.org β†— EPSS Data β†—
phabricator.wikimedia.org: https://phabricator.wikimedia.org/T418254 gerrit.wikimedia.org: https://gerrit.wikimedia.org/r/c/1249320

Credits

Daimona