Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Remediation

References

CVE-2005-1245

Related Vulnerabilities

WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)

WordPress Plugin WP Flash Player Multiple Cross-Site Scripting Vulnerabilities (1.3)

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5950)

WordPress Plugin WooCommerce PDF Invoices & Packing Slips Cross-Site Scripting (2.0.12)

Python Integer Overflow or Wraparound Vulnerability (CVE-2008-3143)

Severity

Medium

Classification

CVE-2005-1245

Tags

Missing Update Known Vulnerabilities