Cargo Mediawiki Extension vulnerable to Cross-site Scripting

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension befor 3.8.3...

CVE-2025-62671

CVE-2025-62671 is a Stored XSS vulnerability in the Mediawiki Cargo Extension (master). The issue arises from improper input neutralization during web page generation, allowing malicious scripts to be stored and executed when affected content is viewed. Affected component: mediawiki/cargo. Remedi...

PT-2024-2677 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: An issue in the Cargo extension of MediaWiki allows for XSS attacks via the artist, album, and...

CVE-2023-37256

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs...

CVE-2023-37254

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format...