CVE-2014-9507

MediaWiki is affected (versions 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7) when the configuration option $wgContentHandlerUseDB is enabled. The vulnerability allows remote attackers to perform cross-site scripting (XSS) by setting the content model for a revision to JS. The issue is...