VYPR

Cargo

by MediaWiki

Source repositories

CVEs (11)

  • CVE-2023-29134HigMar 27, 2024
    risk 0.56cvss 8.6epss 0.01

    An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.

  • CVE-2026-39841MedApr 7, 2026
    risk 0.40cvss 6.1epss 0.00

    Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.

  • CVE-2026-39840MedApr 7, 2026
    risk 0.40cvss 6.1epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7.

  • CVE-2026-39839MedApr 7, 2026
    risk 0.40cvss 6.1epss 0.00

    Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.

  • CVE-2026-39837MedApr 7, 2026
    risk 0.35cvss 5.4epss 0.00

    Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.

  • CVE-2025-62655LowOct 17, 2025
    risk 0.14cvss epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.

  • CVE-2024-47846Oct 5, 2024
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

  • CVE-2024-47849Oct 5, 2024
    risk 0.00cvss epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

  • CVE-2024-23173Jan 12, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in…

  • CVE-2023-37254Jun 29, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.

  • CVE-2023-37256Jun 29, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.