wid-sec-w-2026-1043 · Published 2026-04-09 · View on BSI CERT-Bund ↗

MediaWiki Erweiterungen: Multiple Vulnerabilities allow Cross-Site Scripting

CVSS N/A NONE

Risk Summary

Ein Angreifer kann mehrere Schwachstellen in MediaWiki Extensions ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

CVEs (13)

CVE-2026-22711 CVE-2026-30977 CVE-2026-39837 CVE-2026-39838 CVE-2026-39839 CVE-2026-39840 CVE-2026-39841 CVE-2026-39933 CVE-2026-39934 CVE-2026-39935 CVE-2026-39936 CVE-2026-39937 CVE-2026-5762

Affected Vendors

Open Source

Affected Products (14)

Open Source · MediaWiki <1.43.7

Open Source · MediaWiki 1.43.7

Open Source · MediaWiki <1.44.4

Open Source · MediaWiki 1.44.4

Open Source · MediaWiki <1.45.2

Open Source · MediaWiki 1.45.2

Open Source · MediaWiki Wikilove Extension

Open Source · MediaWiki ProofreadPage Extension

Open Source · MediaWiki Cargo Extension

Open Source · MediaWiki ReportIncident Extension

Open Source · MediaWiki GrowthExperiments Extension

Open Source · MediaWiki CampaignEvents Extension

Open Source · MediaWiki Score Extension

Open Source · MediaWiki CentralAuth Extension

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more