Vulnerabilities

CVE-2015-8622

by Fred · 23/03/2017

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert(‘XSS!’)."

Date published : 2017-03-23

https://phabricator.wikimedia.org/T117899

https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html

Similar

Tags: Cybersecurity Alert