CVE-2014-3966

2014-06-06T14:55:00
ID CVE-2014-3966
Type cve
Reporter cve@mitre.org
Modified 2017-12-29T02:29:00

Description

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.