Description

Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.

Remediation

References

CVE-2014-5242

Related Vulnerabilities

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17293)

WebLogic CVE-2022-21258 Vulnerability (CVE-2022-21258)

WordPress Plugin MediaRSS external gallery TimThumb Arbitrary File Upload (0.1)

MySQL CVE-2022-21326 Vulnerability (CVE-2022-21326)

WordPress Plugin Woo Custom Checkout Field Multiple Vulnerabilities (1.3.2)

Severity

Medium

Classification

CVE-2014-5242 CWE-707

Tags

Missing Update Known Vulnerabilities