
CVE-2026-22713: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension

Severity: Low
Published: Fri Jan 09 2026 (01/09/2026, 00:00:57 UTC)
Source: CVE Database V5
Vendor/Project: The Wikimedia Foundation
Product: Mediawiki - GrowthExperiments Extension

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39.

AI-Powered Analysis

Last updated: 01/09/2026, 10:33:04 UTC

Technical Analysis

CVE-2026-22713 identifies a Cross-Site Scripting (XSS) vulnerability in the GrowthExperiments extension for the MediaWiki platform maintained by The Wikimedia Foundation. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, classified under CWE-79. The affected versions listed in the advisory are 1.39, 1.43, 1.44, and 1.45, which correspond to the MediaWiki release branches the extension is shipped against. The advisory does not say which page, parameter or field carries the unescaped input.

The vulnerability allows an attacker to inject script into web pages viewed by other users, with the usual XSS consequences: actions performed in the victim's session, session token theft where cookies are not HttpOnly, defacement, or redirection to attacker-controlled sites. The CVSS 4.0 score is 2.3 (low), primarily because exploitation requires user interaction and the rated impact on confidentiality, integrity, and availability is limited. The attack vector is network-based with low attack complexity and no privileges required, but user interaction is necessary. No known exploits have been reported in the wild, and no official patches have been linked yet.

The vulnerability affects MediaWiki deployments with the GrowthExperiments extension enabled, which is common in collaborative knowledge bases and documentation platforms. The issue again underlines the need for context-aware output encoding (and input validation as a secondary control) in web application development to prevent XSS.

Potential Impact

For European organizations, the impact of CVE-2026-22713 is generally low but non-negligible. Organizations using Mediawiki with the GrowthExperiments extension may face risks of user session compromise, unauthorized actions performed on behalf of users, or defacement of publicly accessible wiki pages. This could lead to reputational damage, especially for public sector entities and educational institutions that rely on Mediawiki for knowledge sharing. Confidential information exposure is limited due to the low impact on confidentiality, but integrity and availability could be marginally affected if attackers inject disruptive scripts. Since exploitation requires user interaction, the risk is mitigated by user awareness and security controls. However, targeted phishing or social engineering campaigns could increase the likelihood of successful exploitation. The absence of known exploits reduces immediate risk but does not eliminate the need for proactive mitigation.

Mitigation Recommendations

1. Monitor official Wikimedia Foundation channels (the MediaWiki security release announcements and the extension's release branches) for patches addressing this vulnerability and apply them promptly once available.
2. If you maintain local patches or a fork of the GrowthExperiments extension, apply strict input validation and context-aware output encoding wherever user-controlled data is written into HTML, attributes, script blocks or URLs.
3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized inline scripts in browsers; a nonce-based script-src limits what an injected script can do even before the code fix lands.
4. Educate users about the risks of clicking on untrusted links or interacting with suspicious content within the wiki environment, since exploitation requires user interaction.
5. Conduct regular security audits and penetration testing focusing on web application vulnerabilities, including XSS.
6. Consider disabling or removing the GrowthExperiments extension if it is not essential, to reduce the attack surface.
7. Use web application firewalls (WAFs) configured to detect and block common XSS attack patterns targeting MediaWiki instances, treating this as a stopgap rather than a fix.
8. Ensure that user privileges are appropriately limited so that a successful XSS in a low-privilege session cannot perform administrative actions.
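The following is an added example, not code from the original advisory, from GrowthExperiments or from MediaWiki. It illustrates mitigations 2 and 3 above in the general case: the same template rendered with raw interpolation and with context-aware encoding for HTML/attribute, inline-script and URL contexts, plus a nonce-based CSP and a small checker that tells you whether an injected inline script would be allowed to run under a given policy. The field name `userName`, the CSS class, the `window.wgGeConfig` global and the demo nonce are assumptions for illustration, and the payload is constructed.

```javascript
// Added example, not GrowthExperiments or MediaWiki code: contextual output
// encoding for the places an extension emits user-controlled data, plus a
// minimal CSP check. `userName`, the class names, `window.wgGeConfig` and the
// demo nonce are assumptions for illustration.

// HTML body and attribute context: escape the five significant characters.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: raw interpolation, so a name containing markup becomes markup.
function renderGreetingVulnerable(userName) {
  return `<div class="greeting" data-user="${userName}">Welcome, ${userName}</div>`;
}

// Hardened: the same template with every interpolation escaped for its context.
function renderGreetingHardened(userName) {
  const safe = escapeHtml(userName);
  return `<div class="greeting" data-user="${safe}">Welcome, ${safe}</div>`;
}

// Script context: JSON.stringify alone is not enough, because a string value
// containing "</script>" terminates the script element. Escape < and > (and the
// JS line terminators U+2028/U+2029) as \uXXXX sequences, which JSON permits.
function renderInlineConfig(vars) {
  const json = JSON.stringify(vars)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `<script>window.wgGeConfig = ${json};</script>`;
}

// URL context: HTML-escaping does not stop javascript: or data: URLs, so
// allow-list the scheme. Relative URLs resolve against a dummy base and are
// returned as given (escaped for the attribute they go into).
function safeHref(url) {
  let parsed;
  try {
    parsed = new URL(url, 'https://base.invalid/');
  } catch (e) {
    return '#';
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return '#';
  return escapeHtml(url);
}

// Defence in depth (mitigation 3): a nonce-based CSP blocks injected inline
// scripts even if an encoding bug slips through. The nonce must be generated
// per response from a CSPRNG and never reused.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join('; ');
}

// Sources governing scripts: script-src, falling back to default-src; null
// means the policy does not constrain scripts at all.
function scriptSources(csp) {
  const dirs = csp.split(';').map((d) => d.trim()).filter(Boolean);
  const pick = (name) => dirs.find((d) => d.split(/\s+/)[0] === name);
  const d = pick('script-src') || pick('default-src');
  return d ? d.split(/\s+/).slice(1) : null;
}

// Would an inline <script> carrying nonceAttr (or no nonce) execute under csp?
// Per the CSP spec, 'unsafe-inline' is ignored once a nonce or hash is present.
function inlineScriptAllowed(csp, nonceAttr) {
  const src = scriptSources(csp);
  if (src === null) return true;
  const hasNonceOrHash = src.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  if (!hasNonceOrHash) return src.includes("'unsafe-inline'");
  return nonceAttr !== undefined && src.includes(`'nonce-${nonceAttr}'`);
}

// Constructed demo input: a classic attribute-breakout payload.
const PAYLOAD = '"><img src=x onerror=alert(document.cookie)>';
const DEMO_NONCE = 'r4nd0mN0nce'; // constructed; use crypto.randomBytes() in real code

console.log('vulnerable:', renderGreetingVulnerable(PAYLOAD));
console.log('hardened:  ', renderGreetingHardened(PAYLOAD));
console.log('config:    ', renderInlineConfig({ name: '</script><script>alert(1)</script>' }));
console.log('csp:       ', buildCsp(DEMO_NONCE));
console.log('injected inline script runs under CSP?', inlineScriptAllowed(buildCsp(DEMO_NONCE), undefined));
```

In a real extension you would not hand-roll these: MediaWiki's `Html::element()` on the PHP side and `mw.html.escape()` on the client side do the HTML/attribute escaping, and CSP is enabled through the `$wgCSPHeader` setting in LocalSettings.php. The checker is deliberately simple (it ignores hash sources, `'strict-dynamic'` and host-source matching) and is meant for reasoning about a policy, not for enforcing one.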


Technical Details

Data Version
5.2
Assigner Short Name
wikimedia-foundation
Date Reserved
2026-01-08T23:23:42.385Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6960d929a48af7d8ce7ea270

Added to database: 1/9/2026, 10:32:09 AM

Last enriched: 1/9/2026, 10:33:04 AM

Last updated: 1/10/2026, 12:31:02 AM

