Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline.
This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl.
This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wikimedia
Wikimedia timeline |
|
| Vendors & Products |
Wikimedia
Wikimedia timeline |
Fri, 03 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Wed, 01 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9. | |
| Title | Stored XSS through javascript URLs in SVGs generated by EasyTimeline | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: wikimedia-foundation
Published: 2026-07-01T15:04:01.989Z
Updated: 2026-07-01T15:47:50.725Z
Reserved: 2026-06-27T13:32:41.613Z
Link: CVE-2026-58038
Updated: 2026-07-01T15:47:47.332Z
No data.