Description
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.
Remediation
References
Related Vulnerabilities
Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2003-0230)
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.19)
WordPress Plugin WP Maintenance Mode Cross-Site Scripting (2.2.3)
WordPress Plugin Recently Multiple Vulnerabilities (3.0.4)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-3169)