CVE-2025-62671

Mediawiki Cargo < 3.8.3 - XSS

Title source: rule

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: master.

References (2)

[Issue Tracking] https://phabricator.wikimedia.org/T402147

[Various Sources] https://gerrit.wikimedia.org/r/1179707

Scores

EPSS 0.0009

EPSS Percentile 25.6%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

mediawiki/cargo < 3.8.3Packagist

Timeline

Published Oct 18, 2025

Tracked Since Feb 18, 2026