All 5 CVE vulnerabilities found in Mediawiki - Cargo Extension, with AI-generated Chinese analysis, references, and POCs.
Vendor: The Wikimedia Foundation
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-39837 | Stored XSS through the dynamic table format in Cargo CWE-80 | 6.1AI | MediumAI | 2026-04-07 |
| CVE-2026-39841 | Stored XSS through list fields on Cargo's page values and Special:CargoTables CWE-80 | 6.1AI | MediumAI | 2026-04-07 |
| CVE-2026-39840 | CSS injection in multiple Cargo display formats CWE-79 | 6.1AI | MediumAI | 2026-04-07 |
| CVE-2026-39839 | Stored XSS through URLs in Cargo's map format CWE-80 | 6.1AI | MediumAI | 2026-04-07 |
| CVE-2025-62671 | Stored XSS through wikitext in Cargo CWE-79 | 6.1AI | MediumAI | 2025-10-18 |
All 5 known CVE vulnerabilities affecting Mediawiki - Cargo Extension with full Chinese analysis, references, and POCs where available.