XSS Vulnerability in Wikimedia Foundation's Mediawiki - Charts Extension
CVE-2026-14358

6.9 MEDIUM

What is CVE-2026-14358?

The Mediawiki - Charts Extension from Wikimedia Foundation is susceptible to a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This flaw allows attackers to execute malicious scripts in the context of users' browsers, potentially compromising user data and session integrity. Versions prior to 1.43.9, 1.44.6, and 1.45.4 are affected, so users should update to the latest versions to mitigate this risk.

Affected Version(s)

Mediawiki - Charts Extension * < 1.43.9, 1.44.6, 1.45.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Reedy
aude