Description

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.

Remediation

References

CVE-2012-2698

Related Vulnerabilities

WordPress 4.4.x Directory Traversal (4.4 - 4.4.32)

WordPress Plugin WordPress Simple Shopping Cart Cross-Site Request Forgery (3.5)

WordPress Plugin iframe Cross-Site Scripting (4.4)

WordPress Plugin Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.6.95)

WordPress Plugin WP-PostRatings Cross-Site Scripting (1.50)

Severity

Medium

Classification

CVE-2012-2698 CWE-707

Tags

Missing Update Known Vulnerabilities