This page lists publicly disclosed CVE vulnerabilities affecting mediawiki cargo (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-39841 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 6.3 | 0.16% | 2026-04-07 | 2026-06-17 |
| CVE-2026-39840 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 5.1 | 0.16% | 2026-04-07 | 2026-06-17 |
| CVE-2026-39839 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 6.3 | 0.18% | 2026-04-07 | 2026-06-17 |
| CVE-2026-39837 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 6.3 | 0.19% | 2026-04-07 | 2026-06-17 |
| CVE-2024-47849 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 8.8 | 0.51% | 2024-10-04 | 2026-06-17 |
| CVE-2024-47847 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 6.9 | 0.38% | 2024-10-04 | 2026-06-17 |
| CVE-2024-47846 | Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 6.9 | 0.26% | 2024-10-04 | 2026-06-17 |