Description

Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.

Remediation

References

CVE-2012-2698

Related Vulnerabilities

MySQL CVE-2020-2589 Vulnerability (CVE-2020-2589)

Internet Information Services Other Vulnerability (CVE-1999-1223)

MySQL CVE-2018-3082 Vulnerability (CVE-2018-3082)

IBM RTC Improper Privilege Management Vulnerability (CVE-2021-29774)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.1)

Severity

Medium

Classification

CVE-2012-2698 CWE-707

Tags

Missing Update Known Vulnerabilities