Description
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.
Remediation
References
Related Vulnerabilities
MyBB Improper Access Control Vulnerability (CVE-2016-9412)
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37150)
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)
WordPress Plugin Smart Forms-when you need more than just a contact form Security Bypass (2.6.70)