Description

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."

Remediation

References

CVE-2015-6730

Related Vulnerabilities

MySQL CVE-2015-2571 Vulnerability (CVE-2015-2571)

Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.11)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.28)

Artifactory Incorrect Authorization Vulnerability (CVE-2021-45730)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174)

Severity

Medium

Classification

CVE-2015-6730 CWE-707

Tags

Missing Update Known Vulnerabilities