CVE-2026-14363
CVE-2026-14363 affects the Wikimedia Foundation MediaWiki Cargo Extension and allows SQL injection due to improper neutralization of special elements in SQL commands. The issue impacts Cargo Extension versions before 1.43.9, 1.44.6, and 1.45.4 (i.e., these versions are vulnerable; later versions ...
EUVD-2024-20692
Malicious code in bioql PyPI...
GHSA-RHPM-63W5-79RG MediaWiki Cargo Extension Cross-site Scripting vulnerability
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...