Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

Remediation

References

CVE-2014-7199

Related Vulnerabilities

WordPress Plugin WordPress Backend Customizer-Everest Admin Theme Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

Oracle JRE CVE-2012-0504 Vulnerability (CVE-2012-0504)

WordPress Plugin Fusion:Extension-Gallery Multiple Unspecified Vulnerabilities (1.0.4)

ProjectSend Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-11492)

Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2015-3921)

Severity

Medium

Classification

CVE-2014-7199 CWE-707

Tags

Missing Update Known Vulnerabilities