Cross-Site Scripting Vulnerability in Wikimedia Foundation Mediawiki Cargo Extension
CVE-2026-58519
6.9MEDIUM
What is CVE-2026-58519?
The Mediawiki - Cargo Extension by the Wikimedia Foundation contains a cross-site scripting vulnerability due to improper input neutralization during web page generation. This flaw allows remote attackers to inject malicious scripts that can be executed in the context of user browsers. It primarily targets versions earlier than 3.9.1, leading to potentially harmful consequences for users interacting with compromised pages.
Affected Version(s)
Mediawiki - Cargo Extension * < 3.9.1
