Description

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Remediation

References

CVE-2005-3167

Related Vulnerabilities

WordPress Plugin PayPal Digital Goods powered by Cleeng Cross-Site Scripting (2.2.13)

Oracle Database Server CVE-2010-2419 Vulnerability (CVE-2010-2419)

OpenSSL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2015-3216)

Oracle Application Server Other Vulnerability (CVE-2005-1495)

PHP Resource Management Errors Vulnerability (CVE-2015-4024)

Severity

Medium

Classification

CVE-2005-3167

Tags

Missing Update Known Vulnerabilities