
CVE-2026-52854: mediawiki/maps has stored XSS through the overlays parameter in the display_map parser fu…


📋 Vulnerability Details

CVE ID: CVE-2026-52854
Vendor: composer
Affected Product: mediawiki/maps
Vulnerability Type: Vulnerability
CVSS Score: 8.6 (HIGH)
Actively Exploited: No known exploitation
Patch Status: See vendor advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Summary

Stored XSS through wikitext can be performed by inserting malicious HTML into the overlays parameter of the display_map parser function when using the leaflet service.

Details

The maps extension doesn't escape overlay names before passing them to leaflet. Leaflet then inserts them as HTML: https://github.com/ProfessionalWiki/Maps/blob/ca5139fabd75f3c34f47ea3fd161306506b053bc/resources/lib/leaflet/leaflet.js#L5243

PoC

Preview the following wikitext, using the default configuration options of the extension: `{{#display_map:0,0|service=leaflet|overlays=OpenTopoMap. }}`

Impact

Stored XSS can be performed by any user with the `edit` permission.
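The root cause described under Details is that overlay names taken from the `overlays=` parameter reach Leaflet's layers control unescaped, and Leaflet writes each label with `innerHTML`. The following is an added example, not code from the Maps extension or from Leaflet: it shows the unsafe shape beside a hardened one that escapes each label before it becomes a key of the object handed to `L.control.layers()`, plus a check that flags names containing HTML-significant characters. Parsing the parameter as a comma-separated list and the `makeLayer` callback are assumptions for this demo.

```javascript
// Added example (not the Maps extension's own code). Leaflet's layers control
// renders each overlay name via innerHTML, so labels built from wikitext must
// be HTML-escaped before they are used as keys for L.control.layers().

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical parsing of the `overlays=` parameter: comma-separated names,
// trimmed, empty entries dropped (assumption for this example).
function parseOverlaysParam(param) {
  return param.split(',').map((s) => s.trim()).filter((s) => s.length > 0);
}

// Unsafe shape: raw names become the object keys Leaflet uses as labels,
// so any markup inside a name is rendered as HTML.
function buildOverlaysUnsafe(param, makeLayer) {
  const overlays = {};
  for (const name of parseOverlaysParam(param)) overlays[name] = makeLayer(name);
  return overlays;
}

// Hardened shape: escape the label before it becomes a key. The layer is
// still created from the original name; only the displayed label changes.
function buildOverlaysSafe(param, makeLayer) {
  const overlays = {};
  for (const name of parseOverlaysParam(param)) overlays[escapeHtml(name)] = makeLayer(name);
  return overlays;
}

// Detection aid: overlay names carrying HTML-significant characters, which a
// wiki could log or reject at save time.
function overlayNamesWithMarkup(param) {
  return parseOverlaysParam(param).filter((name) => /[<>"'&]/.test(name));
}

// Constructed sample input: one benign name and one carrying inline markup.
const SAMPLE_OVERLAYS = 'OpenTopoMap, <b>Hillshade</b>';
const fakeLayer = (name) => ({ id: name.toLowerCase() });

console.log('unsafe labels:', Object.keys(buildOverlaysUnsafe(SAMPLE_OVERLAYS, fakeLayer)));
console.log('safe labels:  ', Object.keys(buildOverlaysSafe(SAMPLE_OVERLAYS, fakeLayer)));
console.log('flagged:      ', overlayNamesWithMarkup(SAMPLE_OVERLAYS));
```

The escaped label still resolves to the same layer object, so the fix changes only what the control displays, not which layer it toggles.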

🎯 Known Indicators of Compromise

sha1: ca5139fabd75f3c34f47ea3fd161306506b053bc (confidence 0.9, first seen 2026-07-02, 1 source). Note that this is the Maps repository commit referenced in the Details link above, not a hash of malicious content.
url: https://github.com/ProfessionalWiki/Maps/blob/ca5139fabd75f3c34f47ea3fd161306506b053bc/resources/lib (confidence 0.82, first seen 2026-07-02, 1 source)
