Description

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

Remediation

References

CVE-2015-2931

Related Vulnerabilities

MySQL CVE-2014-2431 Vulnerability (CVE-2014-2431)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.4)

Magento Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2019-8154)

WordPress Plugin Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, Aweber-MailOptin Security Bypass (1.2.49.0)

MySQL CVE-2012-3166 Vulnerability (CVE-2012-3166)

Severity

Medium

Classification

CVE-2015-2931 CWE-707

Tags

Missing Update Known Vulnerabilities