GCVE - cpe:2.3:a:wikimedia_foundation:mediawiki_-_cargo

Approved changes feed: RSS · Atom

cpe:2.3:a:wikimedia_foundation:mediawiki_-_cargo_extension:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wikimedia Foundation (`f7943c01-50f6-53ec-b645-b355c8f75e02`)
Product	Mediawiki Cargo Extension (`ab0d9a44-e4d8-57ad-bd00-27b2931c5469`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-39841`	vulnerable	2026-06-03 15:22:13.169238	Stored XSS through list fields on Cargo's page values and Special:CargoTables Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. Published: 2026-04-07T19:43:48.096Z Updated: 2026-04-07T20:42:42.588Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T416389 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237973	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-39840`	vulnerable	2026-06-03 15:22:13.168770	CSS injection in multiple Cargo display formats Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7. Published: 2026-04-07T19:35:36.153Z Updated: 2026-04-07T20:42:42.943Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T416368 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237966	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-39839`	vulnerable	2026-06-03 15:22:13.168444	Stored XSS through URLs in Cargo's map format Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. Published: 2026-04-07T19:29:11.025Z Updated: 2026-04-07T20:42:43.130Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T416271 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237957 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237977	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-39837`	vulnerable	2026-06-03 15:22:13.163930	Stored XSS through the dynamic table format in Cargo Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. Published: 2026-04-07T19:47:18.207Z Updated: 2026-04-07T20:42:42.016Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T416402 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237979	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Mediawiki Cargo Extension

PURL mappings

Vulnerability references

Contribute