Description

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

Remediation

References

CVE-2005-3165

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17775)

WebLogic CVE-2017-3531 Vulnerability (CVE-2017-3531)

WordPress Plugin WP-PostRatings Cross-Site Scripting (1.50)

WordPress Plugin Poll Maker Cross-Site Scripting (3.2.8)

Apache Tomcat Other Vulnerability (CVE-2001-0829)

Severity

Medium

Classification

CVE-2005-3165

Tags

Missing Update Known Vulnerabilities