Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file.

Remediation

References

CVE-2015-2938

Related Vulnerabilities

MySQL CVE-2022-21444 Vulnerability (CVE-2022-21444)

phpMyFAQ Other Vulnerability (CVE-2005-0702)

WordPress Plugin Product Reviews Import Export for WooCommerce CSV Injection (1.4.8)

Oracle Database Server CVE-2018-3004 Vulnerability (CVE-2018-3004)

WordPress Plugin bbPress Move Topics PHP Object Injection (1.1.4)

Severity

Medium

Classification

CVE-2015-2938 CWE-707

Tags

Missing Update Known Vulnerabilities