Description

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.

Remediation

References

CVE-2012-1582

Related Vulnerabilities

TYPO3 Other Vulnerability (CVE-2006-6690)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2014-0082)

Omeka Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3982)

Joomla! Core 1.7.x Cross-Site Scripting (1.7.0 - 1.7.2)

Apache Traffic Server CVE-2023-30631 Vulnerability (CVE-2023-30631)

Severity

Medium

Classification

CVE-2012-1582 CWE-707

Tags

Missing Update Known Vulnerabilities