Cross-Site Scripting Vulnerability in Wikimedia Foundation Mediawiki Cargo Extension
CVE-2026-58519

6.9MEDIUM

What is CVE-2026-58519?

The Mediawiki - Cargo Extension by the Wikimedia Foundation contains a cross-site scripting vulnerability due to improper input neutralization during web page generation. This flaw allows remote attackers to inject malicious scripts that can be executed in the context of user browsers. It primarily targets versions earlier than 3.9.1, leading to potentially harmful consequences for users interacting with compromised pages.

Affected Version(s)

Mediawiki - Cargo Extension * < 3.9.1

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SomeRandomDeveloper
.