Description

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

Remediation

References

CVE-2014-7295

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2013-5576)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)

Internet Information Services Other Vulnerability (CVE-2000-1104)

Apache Tomcat Other Vulnerability (CVE-2002-1148)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-6318)

Severity

Low

Classification

CVE-2014-7295 CWE-707

Tags

Missing Update Known Vulnerabilities