This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue.
This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0.
No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://phabricator.wikimedia.org/T428820 |
|
Wed, 01 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0. | |
| Title | Stored XSS through a system message when blocking a temporary account that's related to other temporary accounts | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: wikimedia-foundation
Published:
Updated: 2026-07-01T14:46:05.002Z
Reserved: 2026-06-27T13:32:41.613Z
Link: CVE-2026-58034
Updated: 2026-07-01T14:46:00.899Z
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')