Description

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.

Remediation

References

CVE-2015-2933

Related Vulnerabilities

Oracle JRE CVE-2014-2428 Vulnerability (CVE-2014-2428)

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35955)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-9451)

Drupal Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-13670)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6925)

Severity

Medium

Classification

CVE-2015-2933 CWE-707

Tags

Missing Update Known Vulnerabilities