Description

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.

Remediation

References

CVE-2015-2933

Related Vulnerabilities

Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9)

Drupal Other Vulnerability (CVE-2006-2832)

WordPress Plugin GigPress Multiple SQL Injection Vulnerabilities (2.3.8)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-46148)

MySQL CVE-2021-2194 Vulnerability (CVE-2021-2194)

Severity

Medium

Classification

CVE-2015-2933 CWE-707

Tags

Missing Update Known Vulnerabilities