EUVD-2014-9297

Malware in sbrugna...

PT-2025-4300 · Unknown · Tabberneue

Name of the Vulnerable Software and Affected Versions: TabberNeue versions prior to 2.7.2 Description: The issue arises from unescaped user input being used to construct HTML, allowing any user who can edit pages or render wikitext to perform cross-site scripting XSS attacks on other users...

MediaWiki ExpandTemplates Extension < 1.24.1 Multiple Vulnerabilities (Jan 2015) - Active Check

The ExpandTemplates extension for MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross site scripting

Cross-site scripting XSS vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page...

CVE-2014-9478

CVE-2014-9478 affects the MediaWiki ExpandTemplates extension. The vulnerability is a cross-site scripting (XSS) flaw in the preview mode when $wgRawHTML is true, allowing remote attackers to inject arbitrary script/HTML via the wpInput parameter on Special:ExpandTemplates. OpenVAS notes this as ...