Description

Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2009-0737

Related Vulnerabilities

Perl Resource Management Errors Vulnerability (CVE-2013-1667)

Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)

WordPress Plugin WP Hotel Booking PHP Object Injection (1.10.3)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4999)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Server-Side Request Forgery (2.1.6)

Severity

Low

Classification

CVE-2009-0737 CWE-707

Tags

Missing Update Known Vulnerabilities