WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-4828)

Description

Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-39128)

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3989)

Ruby Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0256)

WordPress Plugin Highlight Cross-Site Scripting (0.9.2)

WordPress Plugin Secure File Manager Arbitrary File Upload (2.9.3)

Severity

Medium

Classification

CVE-2007-4828 CWE-707

Tags

Missing Update Known Vulnerabilities