Description

Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.

Remediation

References

CVE-2016-6334

Related Vulnerabilities

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.2)

WordPress Plugin Download Shortcode Local File Inclusion (0.2.3)

WordPress Plugin Thrive Ultimatum Security Bypass (2.3.9.3)

WordPress Plugin Portfolio Gallery-Image Gallery Cross-Site Request Forgery (1.1.2)

Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)

Severity

Medium

Classification

CVE-2016-6334 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities