Vulnerability Details CVE-2026-0671
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.7%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2026-0671
-
cpe:2.3:a:wikimedia:mediawiki-extensions-uploadwizard:1.39
-
cpe:2.3:a:wikimedia:mediawiki-extensions-uploadwizard:1.43
-
cpe:2.3:a:wikimedia:mediawiki-extensions-uploadwizard:1.44
-
cpe:2.3:a:wikimedia:mediawiki-extensions-uploadwizard:1.45