Description

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

Remediation

References

CVE-2014-3966

Related Vulnerabilities

Seo Panel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-28419)

WordPress Plugin Answer My Question Multiple Cross-Site Scripting Vulnerabilities (1.1)

WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Upload (6.4)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)

WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (4.5.10)

Severity

Low

Classification

CVE-2014-3966 CWE-707

Tags

Missing Update Known Vulnerabilities