Description

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

Remediation

References

CVE-2014-9477

Related Vulnerabilities

WordPress Plugin Login Widget With Shortcode Cross-Site Request Forgery (3.1.1)

WebLogic Out-of-bounds Write Vulnerability (CVE-2020-36518)

Drupal Improper Input Validation Vulnerability (CVE-2018-7600)

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10152)

WordPress Plugin CM Answers Cross-Site Scripting (2.6.1)

Severity

Medium

Classification

CVE-2014-9477 CWE-707

Tags

Missing Update Known Vulnerabilities