Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.

Remediation

References

CVE-2012-4377

Related Vulnerabilities

Serendipity Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1916)

WordPress Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2020-4047)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7851)

Apache Traffic Server CVE-2023-44487 Vulnerability (CVE-2023-44487)

OpenSSL Other Vulnerability (CVE-2016-0705)

Severity

Medium

Classification

CVE-2012-4377 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities