Description

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."

Remediation

References

CVE-2015-2935

Related Vulnerabilities

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-1433)

WordPress Plugin External Links-nofollow, noopener & new window Multiple Cross-Site Scripting Vulnerabilities (1.80)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.5.3)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4317)

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)

Severity

Medium

Classification

CVE-2015-2935 CWE-200

Tags

Missing Update Known Vulnerabilities