VYPR

Packagist (Composer) package

mediawiki/cargo

pkg:composer/mediawiki/cargo

Vulnerabilities (3)

  • CVE-2025-62671MedOct 18, 2025
    affected < 3.8.3fixed 3.8.3

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: master.

  • CVE-2024-47847Oct 5, 2024
    affected < 3.6.1fixed 3.6.1

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

  • CVE-2024-23173Jan 12, 2024
    affected < 1.35.14fixed 1.35.14

    An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFi