Security Advisory

CVE-2026-39840

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-07 19:35:36

Last updated 2026-04-07 20:42:42

Assigner wikimedia-foundation

State PUBLISHED

Description

Improper neutralization of input during web page generation (cross-site scripting) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7.

← Browse all CVEs View on cve.org ↗