CVE-2026-39936

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Score Extension.

References

• https://gerrit.wikimedia.org/r/q/I1fb2913bc32328cbc4ecd4b4ad4a4788fb98c56c
• https://phabricator.wikimedia.org/T419186