CVEDB API - Fast Vulnerability Dashboard

Vulnerabilities

Vulnerable Software

Mediawiki: >> Mediawiki >> 1.24.1 Security Vulnerabilities

CVE-2015-2933

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.

CVSS Score

4.3

EPSS Score

0.004

Published

2015-04-13

CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

CVSS Score

4.3

EPSS Score

0.004

Published

2015-04-13

CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

CVSS Score

4.3

EPSS Score

0.004

Published

2015-04-13

Prev

Page 21

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved