Cross-Site Scripting Vulnerability in Wikimedia Foundation Mediawiki Wikilove Extension
CVE-2026-22711

6.9MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Wikilove Extension
Vendor: CVE Published:; 7 April 2026

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2026-22711?

A vulnerability in The Wikimedia Foundation's Mediawiki Wikilove Extension presents a risk of Cross-Site Scripting (XSS) due to improper neutralization of alternate XSS syntax. This issue exists in specific versions of the extension, allowing attackers to execute arbitrary scripts in the context of a user's session. It is vital for users to update to patched versions to mitigate potential exploits. More details can be found in the references provided.

Affected Version(s)

Mediawiki - Wikilove Extension 1.43.7

Mediawiki - Wikilove Extension 1.44.4

Mediawiki - Wikilove Extension 1.45.2

References

https://phabricator.wikimedia.org/T416502

https://gerrit.wikimedia.org/r/q/Iab86209478a044504f5a6ae...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Jan 8, 2026

Credit

SomeRandomDeveloper

CVE-2026-22711 Data

JSON