Description

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.

Remediation

References

CVE-2006-2611

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2000-0869)

WordPress Plugin Thrive Apprentice Security Bypass (2.3.9.3)

Drupal Core 7.x Information Disclosure (7.0 - 7.14)

MySQL CVE-2020-2588 Vulnerability (CVE-2020-2588)

WordPress Plugin KNR Author List Widget 'listItem[]' Parameter SQL Injection (2.0.0)

Severity

Medium

Classification

CVE-2006-2611

Tags

Missing Update Known Vulnerabilities