{"id":"CVE-2026-58037","details":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.\n\n This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php.\n\n\n\nThis issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.","modified":"2026-07-11T04:04:10.431233361Z","published":"2026-07-01T16:16:51.063Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:mediawiki:mediawiki:1.46.0:rc0:*:*:*:*:*:*"],"extracted_events":[{"introduced":"1.46.0-rc0"},{"last_affected":"1.46.0-rc0"}],"source":"CPE_STRING","vendor_product":"mediawiki:mediawiki"}]},"references":[{"type":"REPORT","url":"https://phabricator.wikimedia.org/T422995"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"8216997ffcc956a610635f07044fb9a3b5dda9d9"},{"fixed":"50755a861e6e748cf8bac24e8cdd5e83db018081"},{"introduced":"858ee255edbe0da2ff8152df403cac2dba2c9948"},{"fixed":"a36f3bc851a8ae3377ee5602b7e2a355d59e7b0e"},{"introduced":"99b4a221a98c0ac1531c3f4e31248562833dbc82"},{"fixed":"ea7980d473268e0ef28c64328a1325f8f4e414b6"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.43.0"},{"fixed":"1.43.9"},{"introduced":"1.44.0"},{"fixed":"1.44.6"},{"introduced":"1.45.0"},{"fixed":"1.45.4"}]}}],"versions":["1.43.8","1.44.5","1.45.3","1.45.2","1.44.4","1.43.7","1.45.1","1.44.3","1.43.6","1.45.0","1.43.5","1.44.2","1.43.4","1.44.0","1.43.3","1.43.2","1.43.1","1.43.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58037.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}