GCVE - cpe:2.3:a:mediawiki:cargo:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mediawiki:cargo:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Mediawiki (`cdb1ca1d-4622-5407-a7d8-3e891579b8c5`)
Product	Cargo (`4f519ef0-bc75-50c7-a3d1-50cc64320bea`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-39841`	vulnerable	2026-06-03 15:22:13.169365	Stored XSS through list fields on Cargo's page values and Special:CargoTables Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. Published: 2026-04-07T19:43:48.096Z Updated: 2026-04-07T20:42:42.588Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T416389 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237973	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-39840`	vulnerable	2026-06-03 15:22:13.168957	CSS injection in multiple Cargo display formats Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7. Published: 2026-04-07T19:35:36.153Z Updated: 2026-04-07T20:42:42.943Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T416368 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237966	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-39839`	vulnerable	2026-06-03 15:22:13.168485	Stored XSS through URLs in Cargo's map format Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. Published: 2026-04-07T19:29:11.025Z Updated: 2026-04-07T20:42:43.130Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T416271 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237957 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237977	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-39837`	vulnerable	2026-06-03 15:22:13.166518	Stored XSS through the dynamic table format in Cargo Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. Published: 2026-04-07T19:47:18.207Z Updated: 2026-04-07T20:42:42.016Z Open on db.gcve.eu Reference links https://phabricator.wikimedia.org/T416402 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237979	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.