Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.

Remediation

References

CVE-2005-2215

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2012-0788)

YetiForce CRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-49508)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3723)

Oracle JRE CVE-2020-2805 Vulnerability (CVE-2020-2805)

Ruby Improper Input Validation Vulnerability (CVE-2017-6181)

Severity

Medium

Classification

CVE-2005-2215

Tags

Missing Update Known Vulnerabilities