<Vulnerability name="CVE-2026-58038">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-07-01T15:04:01</PublicDate>
    <Bugzilla id="2496016" url="https://bugzilla.redhat.com/show_bug.cgi?id=2496016" xml:lang="en:us">
timeline: EasyTimeline: Wikimedia Foundation Timeline: Cross-site Scripting vulnerability
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>3.7</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-79</CWE>
    <Details xml:lang="en:us" source="Mitre">
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline.

 This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl.



This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in the Wikimedia Foundation Timeline component. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject malicious scripts into web pages. Successful exploitation could lead to significant impacts such as information disclosure, session hijacking, or defacement of affected web pages.
    </Details>
    <Statement xml:lang="en:us">
This Cross-site Scripting (XSS) vulnerability in the Wikimedia Foundation Timeline component is rated as Low impact. While a remote attacker could inject malicious scripts, successful exploitation typically requires specific user interaction or a highly customized environment, limiting its broader applicability in standard Red Hat deployments.
    </Statement>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
    </Mitigation>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-58038
https://nvd.nist.gov/vuln/detail/CVE-2026-58038
https://phabricator.wikimedia.org/T427611
    </References>
</Vulnerability>