Description

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.

Remediation

References

CVE-2007-1054

Related Vulnerabilities

WordPress Plugin Annonces 'theme.php' Arbitrary File Upload (1.2.0.1)

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Arbitrary File Upload (2.8.1.1)

Drupal Core 9.0.x Directory Traversal (9.0.0 - 9.0.14)

Oracle Application Server CVE-2008-0346 Vulnerability (CVE-2008-0346)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2014-0118)

Severity

Medium

Classification

CVE-2007-1054

Tags

Missing Update Known Vulnerabilities