CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/07 9:32 p.m.•0 views

EUVD-2026-19927

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

EUVD•added 2026/04/07 9:32 p.m.•0 views

EUVD-2026-19929

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

5.1CVSS5.9AI score0.00033EPSS

NVD•added 2026/04/07 8:16 p.m.•0 views

CVE-2026-39841

NVD•added 2026/04/07 8:16 p.m.•0 views

CVE-2026-39837

NVD•added 2026/04/07 8:16 p.m.•3 views

CVE-2026-39840

6.1CVSS0.00033EPSS

NVD•added 2026/04/07 8:16 p.m.•2 views

CVE-2026-39839

6.3CVSS0.00032EPSS

CVE•added 2026/04/07 7:47 p.m.•4 views

CVE-2026-39837

CVE-2026-39837 is a stored XSS vulnerability in the WikiWorks MediaWiki – Cargo Extension affecting versions before 3.8.7. The issue stems from the improper neutralization of Script-Related HTML tags in a web page, enabling stored cross-site scripting. The connected records do not provide explici...

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/07 7:47 p.m.•1 views

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

Cvelist•added 2026/04/07 7:47 p.m.•13 views

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

ATTACKERKB•added 2026/04/07 7:47 p.m.•2 views

CVE-2026-39837

Cvelist•added 2026/04/07 7:43 p.m.•13 views

CVE-2026-39841 Stored XSS through list fields on Cargo's page values and Special:CargoTables

CVE•added 2026/04/07 7:43 p.m.•7 views

CVE-2026-39841

The CVE-2026-39841 vulnerability is a Stored XSS in the MediaWiki Cargo Extension (pre-3.8.7) due to improper neutralization of Script-Related HTML tags in list fields on Cargo pages and Special:CargoTables. This affects how Cargo handles page values, allowing injected scripts to be stored and po...

Exploits1References2Affected Software1

ATTACKERKB•added 2026/04/07 7:43 p.m.•1 views

CVE-2026-39841

Vulnrichment•added 2026/04/07 7:43 p.m.•0 views

CVE-2026-39841 Stored XSS through list fields on Cargo's page values and Special:CargoTables

Cvelist•added 2026/04/07 7:35 p.m.•13 views

CVE-2026-39840 CSS injection in multiple Cargo display formats

5.1CVSS0.00033EPSS

CVE•added 2026/04/07 7:35 p.m.•4 views

CVE-2026-39840

The CVE-2026-39840 issue affects Wikimedia Foundation MediaWiki’s Cargo Extension (before version 3.8.7). It is caused by improper neutralization of input during web page generation, enabling cross-site scripting (XSS) that targets non-script elements. Impact is user-side script execution with th...

6.1CVSS5.9AI score0.00033EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/04/07 7:35 p.m.•1 views

CVE-2026-39840

5.1CVSS5.9AI score0.00033EPSS

Cvelist•added 2026/04/07 7:29 p.m.•14 views

CVE-2026-39839 Stored XSS through URLs in Cargo's map format

6.3CVSS0.00032EPSS