CVE-2026-39839

Summary

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.

Affected Software

VendorProductVersion RangeStatus
Wikimedia FoundationMediawiki - Cargo Extension0 < 3.8.7affected

Weaknesses

  • CWE-80: CWE-80 Improper neutralization of Script-Related HTML tags in a web page (basic XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References