Description

Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2009-0737

Related Vulnerabilities

WordPress Plugin FireDrum Email Marketing PHP Object Injection (1.47)

PHP CVE-2014-3479 Vulnerability (CVE-2014-3479)

PHP Other Vulnerability (CVE-2015-0232)

WordPress Plugin Lana Email Logger Cross-Site Scripting (1.0.2)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393)

Severity

Low

Classification

CVE-2009-0737 CWE-707

Tags

Missing Update Known Vulnerabilities