Description

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."

Remediation

References

CVE-2015-6730

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37149)

WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)

WordPress Plugin Floating Chat Widget:Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button-Chaty Multiple Cross-Site Scripting Vulnerabilities (2.8.3)

WordPress Plugin Simple Page Ordering Cross-Site Scripting (2.2.1)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3378)

Severity

Medium

Classification

CVE-2015-6730 CWE-707

Tags

Missing Update Known Vulnerabilities