Description

Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.

Remediation

References

CVE-2016-6334

Related Vulnerabilities

Drupal Core 8.7.x Cross-Site Scripting (8.7.0 - 8.7.11)

WordPress Plugin WPJobBoard SQL Injection (5.6.4)

WordPress 2.0.4 Multiple Security Vulnerabilities (2.0.4)

Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2018-11325)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5502)

Severity

Medium

Classification

CVE-2016-6334 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities