Description

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

Remediation

References

CVE-2014-9477

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2014-3480)

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-5508)

GlassFish CVE-2016-5528 Vulnerability (CVE-2016-5528)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2011-3187)

WordPress Plugin Share Buttons by AddThis Backdoor (2.1.2)

Severity

Medium

Classification

CVE-2014-9477 CWE-707

Tags

Missing Update Known Vulnerabilities