Mediawiki: >> Mediawiki >> 1.22.14 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-01-16
Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-01-16
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
CVSS Score
2.6
EPSS Score
0.003
Published
2015-01-16
Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-01-16
MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."
CVSS Score
5.0
EPSS Score
0.009
Published
2015-01-16
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.
CVSS Score
3.5
EPSS Score
0.002
Published
2015-01-16
Page 22