Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.
This issue affects Mediawiki - Cargo Extension: from * before 3.9.1.
This issue affects Mediawiki - Cargo Extension: from * before 3.9.1.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 01 Jul 2026 05:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from * before 3.9.1. | |
| Title | Stored XSS through Cargo's map format | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: wikimedia-foundation
Published:
Updated: 2026-07-01T03:59:33.932Z
Reserved: 2026-07-01T03:40:44.769Z
Link: CVE-2026-58519
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses