Product
A high-severity stored cross-site scripting (XSS) vulnerability, CVE-2026-52854, exists in the MediaWiki Maps extension (versions prior to 12.1.3), allowing any authenticated user with edit permissions to inject malicious JavaScript into the `overlays` parameter of the `display_map` parser function, leading to arbitrary client-side code execution in a victim's browser.