Lucene search
K

35 matches found

NVD
NVD
added 2026/07/01 8:17 p.m.6 views

CVE-2026-14363

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

9.8CVSS0.00294EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 7:22 p.m.36 views

CVE-2026-14363 Cargo Extension: SQLi in Special:Drilldown

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS0.00294EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:22 p.m.6 views

CVE-2026-14363

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score0.00294EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 6:16 p.m.12 views

CVE-2026-58521

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

9.8CVSS0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 5:30 p.m.9 views

EUVD-2026-41102

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-58519

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...

6.9CVSS0.00134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54920

Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 1.43.9 Mediawiki - Cargo Extension versions prior to 1.44.6 Mediawiki - Cargo Extension versions prior to 1.45.4 Description Improper neutralization of special elements used in an SQL command allow...

9.8CVSS6AI score0.00283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54481

Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 3.9.1 Description Improper neutralization of input during web page generation leads to a Stored Cross-Site Scripting XSS issue. Stored XSS occurs when an application receives data from a user and...

6.9CVSS5.9AI score0.00134EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.4AI score0.00158EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.1CVSS5.4AI score0.00158EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 9:32 p.m.3 views

EUVD-2026-19927

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00189EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/07 9:32 p.m.4 views

EUVD-2026-19929

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

5.1CVSS5.9AI score0.00158EPSS
Exploits1References3
NVD
NVD
added 2026/04/07 8:16 p.m.3 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS0.00158EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 8:16 p.m.8 views

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.1CVSS0.00158EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/07 7:47 p.m.17 views

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS0.00189EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:43 p.m.3 views

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00158EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:35 p.m.3 views

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

5.1CVSS5.9AI score0.00158EPSS
Exploits1References3
CVE
CVE
added 2026/04/07 7:35 p.m.21 views

CVE-2026-39840

The CVE-2026-39840 issue affects Wikimedia Foundation MediaWiki’s Cargo Extension (before version 3.8.7). It is caused by improper neutralization of input during web page generation, enabling cross-site scripting (XSS) that targets non-script elements. Impact is user-side script execution with th...

6.1CVSS5.9AI score0.00158EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/07 7:29 p.m.11 views

CVE-2026-39839

CVE-2026-39839 affects Wikimedia Foundation MediaWiki Cargo Extension prior to 3.8.7. It is a Stored XSS vulnerability caused by improper neutralization of Script-Related HTML tags in a web page, exploitable via map format URLs stored by the extension. The impact is stored XSS with potential user...

6.3CVSS5.9AI score0.00181EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

MediaWiki - Cargo Extension 安全漏洞

MediaWiki - Cargo Extension is an open-source plugin for querying and storing data in MediaWiki. Versions of MediaWiki - Cargo Extension prior to 3.8.7 contained security vulnerabilities. These vulnerabilities were due to improper input during page generation, which could lead to cross-site...

6.1CVSS5.6AI score0.00158EPSS
Exploits1References2
Rows per page
Query Builder