Description

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.

Remediation

References

CVE-2012-4378

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Frequently Bought Together Security Bypass (1.2.10)

OpenSSL Other Vulnerability (CVE-2010-4180)

WordPress Plugin Media Library Assistant Multiple Vulnerabilities (2.81)

WordPress Plugin Essential Blocks Pro Multiple PHP Object Injection Vulnerabilities (1.1.0)

WordPress Plugin Download Manager Multiple Cross-Site Scripting Vulnerabilities (3.2.48)

Severity

Medium

Classification

CVE-2012-4378 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities