Description

Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.

Remediation

References

CVE-2014-9480

Related Vulnerabilities

WordPress Plugin InfiniteWP Client PHP Object Injection (1.6.0)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1830)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Cross-Site Scripting (3.1.2)

MySQL CVE-2017-3461 Vulnerability (CVE-2017-3461)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-5658)

Severity

Medium

Classification

CVE-2014-9480 CWE-707

Tags

Missing Update Known Vulnerabilities