Description

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

Remediation

References

CVE-2009-4589

Related Vulnerabilities

Oracle Database Server CVE-2011-0881 Vulnerability (CVE-2011-0881)

MySQL CVE-2017-10314 Vulnerability (CVE-2017-10314)

MySQL CVE-2014-0430 Vulnerability (CVE-2014-0430)

Magento CVE-2019-8150 Vulnerability (CVE-2019-8150)

WordPress Plugin Video Conferencing with Zoom Cross-Site Scripting (4.0.9)

Severity

Medium

Classification

CVE-2009-4589 CWE-707

Tags

Missing Update Known Vulnerabilities