Description

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.

Remediation

References

CVE-2006-2611

Related Vulnerabilities

OpenSSL Out-of-bounds Write Vulnerability (CVE-2022-2274)

WordPress Plugin Help Desk & Knowledgebase Software PHP Object Injection (1.3.11)

MySQL CVE-2012-1735 Vulnerability (CVE-2012-1735)

WordPress Plugin Network Publisher 'networkpub_key' Parameter Cross-Site Scripting (5.0.1)

WordPress Plugin bbPress Move Topics PHP Object Injection (1.1.4)

Severity

Medium

Classification

CVE-2006-2611

Tags

Missing Update Known Vulnerabilities