Vulnerability Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wikisource | Proofread Page | 1.39 |
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/r/q/I7c028db5ed81843aacd596b0ee4dc2980f5b6e3cPatch
- https://phabricator.wikimedia.org/T409423ExploitIssue Tracking
FAQ
What is CVE-2026-0670?
CVE-2026-0670 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS)....
How severe is CVE-2026-0670?
CVE-2026-0670 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-0670?
Check the references section above for vendor advisories and patch information. Affected products include: Wikisource Proofread Page.