Description

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

Remediation

References

CVE-2015-2932

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2001-0334)

Ruby Numeric Errors Vulnerability (CVE-2009-1904)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.35)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-9119)

MySQL CVE-2022-21309 Vulnerability (CVE-2022-21309)

Severity

Medium

Classification

CVE-2015-2932 CWE-707

Tags

Missing Update Known Vulnerabilities