Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
References 4 Total
- openwall.com: [oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 mailing-list
- https://phabricator.wikimedia.org/T73111
- openwall.com: [oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 mailing-list
- lists.wikimedia.org: [MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23 mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- openwall.com: [oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 mailing-listx_transferred
- https://phabricator.wikimedia.org/T73111 x_transferred
- openwall.com: [oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 mailing-listx_transferred
- lists.wikimedia.org: [MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23 mailing-listx_transferred