This vulnerability is associated with program files includes/SyntaxHighlight.Php.
This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6380-1 | mediawiki security update |
| Link | Providers |
|---|---|
| https://phabricator.wikimedia.org/T427167 |
|
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wikimedia
Wikimedia syntaxhighlight Geshi |
|
| Vendors & Products |
Wikimedia
Wikimedia syntaxhighlight Geshi |
Wed, 01 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9. | |
| Title | SyntaxHighlight stored XSS via unsanitized 'linelinks' attribute | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: wikimedia-foundation
Published:
Updated: 2026-07-01T15:48:58.797Z
Reserved: 2026-06-27T13:32:37.577Z
Link: CVE-2026-58030
Updated: 2026-07-01T15:48:54.831Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T02:15:15Z
Debian DSA