Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.

Remediation

References

CVE-2008-4408

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Cross-Site Scripting Vulnerabilities (2.1.20)

Oracle HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2022-0391)

MySQL CVE-2018-2762 Vulnerability (CVE-2018-2762)

WordPress Plugin Custom Fields Search by BestWebSoft Cross-Site Scripting (1.3.1)

Joomla Improper Input Validation Vulnerability (CVE-2016-8869)

Severity

Medium

Classification

CVE-2008-4408 CWE-707

Tags

Missing Update Known Vulnerabilities