5 matches found
MediaWiki < 1.19.24 / 1.23.9 / 1.24.2 Multiple Vulnerabilities
According to its version number, the MediaWiki application running on the remote host is affected by the following vulnerabilities : - An input validation error exists related to handling API errors that allows reflected cross-site scripting attacks. CVE-2014-9714, CVE-2015-2941 - An input...
[ MDVSA-2015:200 ] mediawiki
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:200 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : April 10, 2015 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: In...
CVE-2015-2934
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...
CVE-2015-2934
MediaWiki vulnerability CVE-2015-2934 affects MediaWiki versions before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2. The issue arises from the Zend xml_parse function not expanding entities, enabling remote attackers to inject arbitrary web script or HTML via a crafted SVG file. Impact ...
CVE-2015-2934
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...