This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6380-1 | mediawiki security update |
| Link | Providers |
|---|---|
| https://phabricator.wikimedia.org/T422995 |
|
Thu, 02 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wikimedia
Wikimedia mediawiki |
|
| Vendors & Products |
Wikimedia
Wikimedia mediawiki |
Wed, 01 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9. | |
| Title | Core log entries for exceptions and XSS issues in log entry formatting code that may be caused by user-controlled input | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: wikimedia-foundation
Published:
Updated: 2026-07-01T15:46:44.776Z
Reserved: 2026-06-27T13:32:41.613Z
Link: CVE-2026-58037
Updated: 2026-07-01T15:46:39.619Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T06:45:04Z
Debian DSA