Cross-Site Scripting Vulnerability in Wikimedia Foundation Mediawiki - Score Extension
CVE-2026-39936

6.9MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Score Extension
Vendor: CVE Published:; 7 April 2026

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2026-39936?

The Mediawiki - Score Extension by the Wikimedia Foundation contains a vulnerability that allows for improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS). This vulnerability can enable attackers to inject malicious scripts into otherwise benign web pages, resulting in potential data compromise, unauthorized access, or redirection to malicious sites. It is crucial for users and administrators to implement necessary security patches and to stay informed about updates related to this vulnerability.

Affected Version(s)

Mediawiki - Score Extension 1.43.7

Mediawiki - Score Extension 1.44.4

References

https://phabricator.wikimedia.org/T419186

https://gerrit.wikimedia.org/r/q/I1fb2913bc32328cbc4ecd4b...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

SomeRandomDeveloper

CVE-2026-39936 Data

JSON