{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T15:05:19.733","vulnerabilities":[{"cve":{"id":"CVE-2026-0671","sourceIdentifier":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","published":"2026-01-08T17:15:50.240","lastModified":"2026-06-17T10:11:10.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39."}],"affected":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","affectedData":[{"vendor":"Wikimedia Foundation","product":"MediaWiki - UploadWizard extension","defaultStatus":"unaffected","repo":"https://gerrit.wikimedia.org/g/mediawiki/extensions/UploadWizard","versions":[{"version":"1.45","status":"affected"},{"version":"1.44","status":"affected"},{"version":"1.43","status":"affected"},{"version":"1.39","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-08T20:13:21.226518Z","id":"CVE-2026-0671","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wikimedia:mediawiki-extensions-uploadwizard:1.39:*:*:*:*:*:*:*","matchCriteriaId":"E177CDD3-DB91-4A7B-9C1E-1CE45AC857BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikimedia:mediawiki-extensions-uploadwizard:1.43:*:*:*:*:*:*:*","matchCriteriaId":"360E8939-87FB-40A8-A07E-E3F5CC4A2AFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikimedia:mediawiki-extensions-uploadwizard:1.44:*:*:*:*:*:*:*","matchCriteriaId":"1EBA4166-5A79-4636-8122-71A6DB43FE28"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikimedia:mediawiki-extensions-uploadwizard:1.45:*:*:*:*:*:*:*","matchCriteriaId":"393B61C5-BB08-4269-840B-C68BFE5F5219"}]}]}],"references":[{"url":"https://gerrit.wikimedia.org/r/q/I16de2211594ea9a686868ad7789f9879bf981fa1","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Patch"]},{"url":"https://phabricator.wikimedia.org/T407157","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}}]}