Description

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

Remediation

References

CVE-2014-2853

Related Vulnerabilities

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4191)

WordPress Plugin Age Verification 'redirect_to' Parameter URI Redirection (0.4)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9849)

Oracle JRE CVE-2024-20926 Vulnerability (CVE-2024-20926)

Joomla! Core 3.x.x Local File Inclusion (3.0.0 - 3.9.25)

Severity

Medium

Classification

CVE-2014-2853 CWE-707

Tags

Missing Update Known Vulnerabilities