XSS in Wikimedia Foundation Mediawiki - Proofreadpage Extension

CVE-2026-39838

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the `…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.