Description

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.

Remediation

References

CVE-2007-1055

Related Vulnerabilities

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5286)

WordPress Plugin Gantry 4 Framework Cross-Site Scripting (4.1.5)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3375)

WordPress Plugin Frontend Uploader Cross-Site Scripting (1.3.2)

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard Unspecified Vulnerability (2.0.27)

Severity

Medium

Classification

CVE-2007-1055 CWE-94

Tags

Missing Update Known Vulnerabilities