CVE-2015-2932
N/A
N/A
Summary
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201510-05
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
- http://www.securityfocus.com/bid/73477
- http://www.openwall.com/lists/oss-security/2015/04/07/3
- http://www.openwall.com/lists/oss-security/2015/04/01/1
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- https://phabricator.wikimedia.org/T86711
References
- https://security.gentoo.org/glsa/201510-05
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
- http://www.securityfocus.com/bid/73477
- http://www.openwall.com/lists/oss-security/2015/04/07/3
- http://www.openwall.com/lists/oss-security/2015/04/01/1
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- https://phabricator.wikimedia.org/T86711
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.