Description

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

Remediation

References

CVE-2014-9477

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5097)

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts (Premium) Multiple Vulnerabilities (3.4.1)

WordPress Plugin Verve Meta Boxes TimThumb Arbitrary File Upload (1.2.8)

MySQL CVE-2021-2154 Vulnerability (CVE-2021-2154)

WordPress Plugin WordPress Calls to Action Cross-Site Scripting (2.2.7)

Severity

Medium

Classification

CVE-2014-9477 CWE-707

Tags

Missing Update Known Vulnerabilities