Description

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

Remediation

References

CVE-2014-3966

Related Vulnerabilities

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1582)

WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (4.0.5)

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2355)

WordPress Plugin NextGEN Gallery-WordPress Gallery Security Bypass (3.1.6)

Ruby on Rails CVE-2024-26144 Vulnerability (CVE-2024-26144)

Severity

Low

Classification

CVE-2014-3966 CWE-707

Tags

Missing Update Known Vulnerabilities