Description

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.

Remediation

References

CVE-2014-9507

Related Vulnerabilities

Dotclear Other Vulnerability (CVE-2007-3688)

Drupal Incorrect Authorization Vulnerability (CVE-2020-13676)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.5)

WordPress Plugin RSVPMaker SQL Injection (9.2.6)

MySQL CVE-2020-2679 Vulnerability (CVE-2020-2679)

Severity

Low

Classification

CVE-2014-9507 CWE-707

Tags

Missing Update Known Vulnerabilities