Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

Remediation

References

CVE-2014-7199

Related Vulnerabilities

WordPress Plugin Participants Database SQL Injection (1.5.4.8)

Zope Web Application Server Resource Management Errors Vulnerability (CVE-2008-5102)

WordPress Plugin Uji Countdown Cross-Site Scripting (2.0.6)

WordPress Plugin Better WordPress reCAPTCHA (with no CAPTCHA reCAPTCHA) Cross-Site Scripting (2.0.3)

Oracle JRE CVE-2013-1540 Vulnerability (CVE-2013-1540)

Severity

Medium

Classification

CVE-2014-7199 CWE-707

Tags

Missing Update Known Vulnerabilities