CVE-2026-22713

🗓️ 09 Jan 2026 00:00:57Reported by wikimedia-foundationType

Stored XSS in GrowthExperiments via edit summaries; affects GrowthExperiments versions 1.39-1.45.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2026-22713	9 Jan 202601:24	–	circl
CNNVD	MediaWiki - GrowthExperiments Extension 安全漏洞	9 Jan 202600:00	–	cnnvd
Cvelist	CVE-2026-22713 Stored XSS through edit summaries in GrowthExperiments	9 Jan 202600:00	–	cvelist
EUVD	EUVD-2026-1821	9 Jan 202600:00	–	euvd
NVD	CVE-2026-22713	9 Jan 202600:15	–	nvd
Positive Technologies	PT-2026-2258	9 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-22713	10 Jan 202605:41	–	redhatcve
Vulnrichment	CVE-2026-22713 Stored XSS through edit summaries in GrowthExperiments	9 Jan 202600:00	–	vulnrichment

NVD

Node

growth growthexperimentsMatch1.39mediawiki

growth growthexperimentsMatch1.43mediawiki

growth growthexperimentsMatch1.44mediawiki

growth growthexperimentsMatch1.45mediawiki

[
  {
    "defaultStatus": "unaffected",
    "product": "Mediawiki - GrowthExperiments Extension",
    "vendor": "The Wikimedia Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.45"
      },
      {
        "status": "affected",
        "version": "1.44"
      },
      {
        "status": "affected",
        "version": "1.43"
      },
      {
        "status": "affected",
        "version": "1.39"
      }
    ]
  }
]

Source	Link
phabricator	www.phabricator.wikimedia.org/T411144
gerrit	www.gerrit.wikimedia.org/r/q/Iff01940a163ed87ec52f3a64ba6b2dbfa2759df3

12 Feb 2026 17:47Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.4

CVSS 42.3

EPSS0.00015

SSVC

CWE-79