Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2015-04-13 07:59
Updated : 2016-12-07 10:10
NVD link : CVE-2015-2933
Mitre link : CVE-2015-2933
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
mediawiki
- mediawiki