CVE-2026-39935
Severity CVSS v4.0:
MEDIUM
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
07/04/2026
Last modified:
08/04/2026
Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue was remediated only on the `master` branch.
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM