This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.
This issue affects MediaWiki: from 1.46.0-rc.0 before 1.46.0.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 02 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Thu, 02 Jul 2026 00:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wikimedia
Wikimedia mediawiki |
|
| Vendors & Products |
Wikimedia
Wikimedia mediawiki |
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from 1.46.0-rc.0 before 1.46.0. | |
| Title | Stored i18n XSS in Special:ApiSandbox when a deprecated module is selected | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: wikimedia-foundation
Published:
Updated: 2026-07-01T14:45:46.186Z
Reserved: 2026-06-27T13:32:37.577Z
Link: CVE-2026-58031
Updated: 2026-07-01T14:45:43.085Z
No data.
OpenCVE Enrichment
Updated: 2026-07-02T05:30:17Z