CVE Catalog

CVE-2026-14358

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

The Charts extension for MediaWiki contains an XSS vulnerability due to improper input neutralization during page generation. Affected versions are before 1.43.9, 1.44.6, and 1.45.4.

Risk Assessment

An attacker can inject malicious scripts that execute in the victim's browser, potentially leading to session theft, account takeover, or data leakage.

Recommendation

Immediately update the Charts extension to version 1.43.9, 1.44.6, or 1.45.4 depending on your MediaWiki branch.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Charts Extension: from * before 1.43.9,1.44.6,1.45.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS