Description

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.

Remediation

References

CVE-2012-4378

Related Vulnerabilities

MySQL CVE-2012-0117 Vulnerability (CVE-2012-0117)

Perl Numeric Errors Vulnerability (CVE-2010-1158)

WordPress Plugin File Manager Cross-Site Scripting (7.0)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.31)

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.6)

Severity

Medium

Classification

CVE-2012-4378 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities