mediawiki/cargo
Packagist3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mediawiki/cargopage 1 of 1
- CVE-2024-23173MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.40.22024-01-12
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied …
- CVE-2024-47847MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.6.12024-10-05
vulnerable: 0.10 ... 3.6 (39 versions)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X befo…
- CVE-2025-62671MEDIUMCVSS 6.9EG 6.9✓ Fixed in 3.8.32025-10-18
vulnerable: 0.10 ... 3.8.2 (45 versions)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: master.
Check whether mediawiki/cargo is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mediawiki/cargo CVEs against the assets you own.
Start Free Scan →