Description
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle the case where the Zend interpreter's xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.