CVE Catalog

CVE-2026-58030

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

An XSS vulnerability in the SyntaxHighlight_GeSHi extension for MediaWiki allows an attacker to inject malicious JavaScript code due to improper input neutralization during page generation. The issue is located in includes/SyntaxHighlight.php.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the victim's browser context, potentially compromising data confidentiality and integrity.

Recommendation

Immediately update the SyntaxHighlight_GeSHi extension to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9 depending on the MediaWiki branch in use.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS