Description

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

Remediation

References

CVE-2009-4589

Related Vulnerabilities

WordPress Plugin Booking Package-Appointment Booking Calendar System Cross-Site Scripting (1.5.10)

PHP Other Vulnerability (CVE-2015-1352)

TYPO3 7PK - Security Features Vulnerability (CVE-2016-5091)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4589)

PHP Other Vulnerability (CVE-2015-4600)

Severity

Medium

Classification

CVE-2009-4589 CWE-707

Tags

Missing Update Known Vulnerabilities