CVE-2026-0670

CVE-2026-0670: Stored XSS through a system message and a user-provided parameter in ProofreadPage

Vendor Wikimedia Foundation
Product MediaWiki - ProofreadPage Extension
Weakness CWE-79 · XSS
Published January 7, 2026
Last update January 7, 2026

CVSS base score

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39.

Key dates

02Disclosure timeline

January 7, 2026 CVE published
January 7, 2026 Record updated