Description
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle the case where the Zend interpreter's xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.
Remediation
References
Related Vulnerabilities
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2086)
Joomla! Core 3.x.x Cross-Site Scripting (3.1.0 - 3.9.23)
PHP Other Vulnerability (CVE-2007-1584)
WordPress Plugin WordPress Video Player Multiple Vulnerabilities (1.5.4)
Oracle Application Server CVE-2006-3714 Vulnerability (CVE-2006-3714)