XSS in Wikimedia Foundation Mediawiki - Cargo Extension

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.

EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References