Description

Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2007-4828

Related Vulnerabilities

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-29905)

WordPress Plugin MainWP Child Reports SQL Injection (2.0.7)

XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31465)

WordPress Plugin Newsletter-Send awesome emails from WordPress Multiple Vulnerabilities (6.8.1)

FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)

Severity

Medium

Classification

CVE-2007-4828 CWE-707

Tags

Missing Update Known Vulnerabilities