CVE-2026-0670 in ProofreadPage Extension
Summary
by MITRE • 01/07/2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 01/08/2026
This vulnerability represents a critical cross-site scripting flaw in the Wikimedia Foundation MediaWiki ProofreadPage extension, which operates under the CWE-79 category of improper neutralization of input during web page generation. The flaw exists in the extension's handling of user-supplied data within web page contexts, specifically affecting versions 1.45, 1.44, 1.43, and 1.39 of the MediaWiki platform. The vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, creating a persistent XSS vector that can be exploited across multiple MediaWiki installations.
The technical implementation of this vulnerability stems from inadequate input sanitization within the ProofreadPage extension's rendering mechanisms. When users interact with proofreading functionality or submit content through the extension, the system fails to properly escape or validate user-provided parameters before incorporating them into dynamic web page content. This insufficient validation creates an environment where malicious payloads can be executed in the context of other users' browsers, potentially leading to session hijacking, credential theft, or arbitrary code execution. The flaw operates at the application layer and can be classified under the ATT&CK technique T1566.001 for initial access through web application attacks.
The operational impact of this vulnerability extends beyond simple script injection, as it can compromise the integrity of the entire MediaWiki ecosystem where the ProofreadPage extension is deployed. Attackers can leverage this weakness to manipulate content, redirect users to malicious sites, or harvest sensitive information from authenticated sessions. Given that MediaWiki is widely used for collaborative knowledge platforms, including Wikipedia and various institutional wikis, the potential attack surface is extensive. The vulnerability affects not only individual user sessions but also the broader trust model of these collaborative platforms, as malicious actors could inject false information or manipulate proofreading workflows. This risk is particularly concerning in environments where the extension handles sensitive document review processes or user-generated content.
Mitigation strategies for this vulnerability should include immediate patching of affected MediaWiki versions to the latest releases containing security fixes. Organizations should implement comprehensive input validation and output encoding mechanisms, particularly for parameters used in the ProofreadPage extension's rendering processes. The implementation of Content Security Policy headers can provide additional protection layers against script execution. Security teams should also consider monitoring user activity for suspicious input patterns and implementing web application firewalls to detect and block malicious payloads. Regular security assessments of MediaWiki extensions and adherence to secure coding practices, including proper HTML escaping and parameter validation, are essential for preventing similar vulnerabilities in future deployments.