XSS in Wikimedia Foundation Mediawiki - Cargo Extension
CVE-2026-39840
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.
Affected products
- Wikimedia Foundation Mediawiki - Cargo Extension — versions 0