Medium severity6.1NVD Advisory· Published Apr 7, 2026· Updated Apr 15, 2026
CVE-2026-39839
CVE-2026-39839
Description
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.8.7
Patches
Vulnerability mechanics
References
3- gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237957nvdPatch
- gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1237977nvdPatch
- phabricator.wikimedia.org/T416271nvdExploitIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.