Description

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."

Remediation

References

CVE-2015-2935

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-4659)

Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12615)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0971)

WordPress Plugin WP Widget Cache Cross-Site Scripting (0.26)

Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)

Severity

Medium

Classification

CVE-2015-2935 CWE-200

Tags

Missing Update Known Vulnerabilities