Description

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.

Remediation

References

CVE-2005-4501

Related Vulnerabilities

Jboss Deserialization of Untrusted Data Vulnerability (CVE-2017-7504)

Internet Information Services Other Vulnerability (CVE-1999-1538)

WordPress Plugin FooBox Image Lightbox Security Bypass (2.6.3)

WordPress Plugin Keyword Strategy Internal Links Multiple Cross-Site Scripting Vulnerabilities (2.0)

IBM RTC CVE-2018-1694 Vulnerability (CVE-2018-1694)

Severity

Medium

Classification

CVE-2005-4501

Tags

Missing Update Known Vulnerabilities