Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.

Remediation

References

CVE-2014-7199

Related Vulnerabilities

Nexus Repository Manager Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11415)

WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (4.5.0)

WordPress Plugin WP Crontrol Cross-Site Scripting (1.2.3)

TYPO3 CVE-2024-25121 Vulnerability (CVE-2024-25121)

Jboss EAP CVE-2013-1862 Vulnerability (CVE-2013-1862)

Severity

Medium

Classification

CVE-2014-7199 CWE-707

Tags

Missing Update Known Vulnerabilities