{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T18:58:23.387","vulnerabilities":[{"cve":{"id":"CVE-2026-22712","sourceIdentifier":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","published":"2026-01-09T00:15:45.837","lastModified":"2026-02-12T17:50:28.073","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39."},{"lang":"es","value":"Codificación o escape incorrectos de la salida debido al reemplazo de palabra mágica en la vulnerabilidad ParserAfterTidy en la Extensión ApprovedRevs de Mediawiki de la Fundación Wikimedia permite la manipulación de datos de entrada. Este problema afecta a la Extensión ApprovedRevs de Mediawiki: 1.45, 1.44, 1.43, 1.39."}],"metrics":{"cvssMetricV40":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wikiworks:approved_revs:1.39:*:*:*:*:mediawiki:*:*","matchCriteriaId":"0680AAB5-C5C7-42A3-9CB3-D99E0126955B"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikiworks:approved_revs:1.43:*:*:*:*:mediawiki:*:*","matchCriteriaId":"293B8B8B-6988-4E0A-AC72-B49D7C98C050"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikiworks:approved_revs:1.44:*:*:*:*:mediawiki:*:*","matchCriteriaId":"30B9A0EC-4B7F-4B53-B073-B18291ECB4F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikiworks:approved_revs:1.45:*:*:*:*:mediawiki:*:*","matchCriteriaId":"73ADBE38-7AFF-4A77-8294-5786ABC4C852"}]}]}],"references":[{"url":"https://gerrit.wikimedia.org/r/q/Iee1bf1cbc8a519899e7f9dde508856bd4e5a5d2a","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Patch"]},{"url":"https://phabricator.wikimedia.org/T412068","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Exploit","Issue Tracking"]},{"url":"https://phabricator.wikimedia.org/T412068","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]}]}}]}