Description

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.

Remediation

References

CVE-2015-2932

Related Vulnerabilities

WordPress Plugin VideoWhisper Video Presentation 'vw_upload.php' Arbitrary File Upload (3.17)

WordPress Plugin Smart Scroll Posts for WordPress includes Backdoor [Only if downloaded via the vendor website] (2.0.8)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.39)

WordPress Plugin Ajax Calendar 'example.php' Cross-Site Scripting (1.0)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6170)

Severity

Medium

Classification

CVE-2015-2932 CWE-707

Tags

Missing Update Known Vulnerabilities