logo

Database

Server side cross-site scripting In mediawiki/cargo

Description

Cargo Mediawiki Extension vulnerable to Cross-site Scripting Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension befor 3.8.3.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-626712. NVD-2025-626713. OSV-2025-626714. GCVE-2025-62671

References

1. https://github.com/wikimedia/mediawiki-extensions-Cargo/commit/e50915626c0d9a7b222dabc94ddfcb516caf557d2. https://gerrit.wikimedia.org/r/11797073. https://phabricator.wikimedia.org/T402147

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.