Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.
This issue affects Mediawiki - Cargo Extension: from * before 3.9.1.
References
| Link | Resource |
|---|---|
| https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1277612 | Issue Tracking |
| https://phabricator.wikimedia.org/T424140 | Issue Tracking |
| https://phabricator.wikimedia.org/T424140 | Issue Tracking |
Configurations
History
06 Jul 2026, 20:25
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:mediawiki:cargo:*:*:*:*:*:mediawiki:*:* | |
| References | () https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1277612 - Issue Tracking | |
| References | () https://phabricator.wikimedia.org/T424140 - Issue Tracking | |
| First Time |
Mediawiki cargo
Mediawiki |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
01 Jul 2026, 13:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://phabricator.wikimedia.org/T424140 - |
01 Jul 2026, 05:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-01 05:16
Updated : 2026-07-06 20:25
NVD link : CVE-2026-58519
Mitre link : CVE-2026-58519
CVE.ORG link : CVE-2026-58519
JSON object : View
Products Affected
mediawiki
- cargo
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
