5 matches found
CVE-2026-34095 action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34095 action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34095
CVE-2026-34095 is a MediaWiki vulnerability affecting systems running before 1.43.7, 1.44.4, or 1.45.2, with the issue tied to the core files includes/Actions/ActionEntryPoint.Php and includes/Request/FauxResponse.Php. The connected advisories identify this CVE among a set of MediaWiki flaws and ...
CVE-2014-5242
Cross-site scripting XSS vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value...
CVE-2014-5242
Cross-site scripting XSS vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value...