Description

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.

Remediation

References

CVE-2014-9478

Related Vulnerabilities

PHP Other Vulnerability (CVE-2004-1018)

Oracle Database Server CVE-2014-6545 Vulnerability (CVE-2014-6545)

WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71)

WordPress Plugin Import CSV Directory Traversal (1.0)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8656)

Severity

Low

Classification

CVE-2014-9478 CWE-707

Tags

Missing Update Known Vulnerabilities