WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5250)

Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

Remediation

References

Related Vulnerabilities

Oracle JRE CVE-2013-0429 Vulnerability (CVE-2013-0429)

Drupal Improper Input Validation Vulnerability (CVE-2013-6389)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-9240)

Oracle Database Server CVE-2012-0520 Vulnerability (CVE-2012-0520)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-16869)

Severity

Low

Classification

CVE-2008-5250 CWE-707

Tags

Missing Update Known Vulnerabilities