Description

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.

Remediation

References

CVE-2014-9478

Related Vulnerabilities

Jenkins Origin Validation Error Vulnerability (CVE-2024-23898)

MySQL CVE-2021-2298 Vulnerability (CVE-2021-2298)

WordPress Plugin Swipe Checkout for WooCommerce Cross-Site Scripting (2.7.1)

PHP Other Vulnerability (CVE-2006-1015)

WordPress Plugin Hueman Addons Cross-Site Scripting (2.3.3)

Severity

Low

Classification

CVE-2014-9478 CWE-707

Tags

Missing Update Known Vulnerabilities