The version of MediaWiki installed is 1.19.x earlier than 1.19.20, 1.22.x earlier than 1.22.12, or 1.23.x earlier than 1.23.5. Therefore, it is affected by the following XSS vulnerabilities :
- A flaw exists that allows a XSS attack. This flaw exists because the ‘includes/OutputPage.php’ script does not restrict JavaScript code embedded within CSS content before returning it to users. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2013-7444)
- A flaw exists because the ‘includes/OutputPage.php’ script does not restrict JavaScript code embedded within CSS content before returning it to users. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2014-7295)