Description
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.
Remediation
References
Related Vulnerabilities
Jenkins Improper Authentication Vulnerability (CVE-2014-2062)
WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Local File Inclusion (1.1.13)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0837)
Mailman Other Vulnerability (CVE-2005-0202)
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.3.4)