Description

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

Remediation

References

CVE-2015-2932

Related Vulnerabilities

WordPress Plugin Slimstat Analytics SQL Injection (5.0.4)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20280)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.3.0)

WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.96)

WordPress Plugin Backup Bank:WordPress Backup Security Bypass (4.0.28)

Severity

Medium

Classification

CVE-2015-2932 CWE-707

Tags

Missing Update Known Vulnerabilities