2 matches found
CVE-2011-1765
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...
Fedora 14 : mediawiki-1.16.5-59.fc14 (2011-6774)
MediaWiki 1.16.5 was released to correct two security flaws : The first issue is yet another recurrence of the Internet Explorer 6 XSS vulnerability that caused the release of 1.16.4. It was pointed out that there are dangerous extensions with more than four characters, so the regular expressions...