Mediawiki: >> Mediawiki >> stable_2003-11-07 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."
CVSS Score
4.3
EPSS Score
0.007
Published
2011-02-04
MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVSS Score
5.8
EPSS Score
0.009
Published
2011-01-11
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-06-06