6 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
UBUNTU-CVE-2015-2941
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
CVE-2015-2941 affects MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2 when HHVM is used. The vulnerability arises from improper handling of a wddx_serialize_value call in api.php for invalid parameters in a wddx format request, which can lead to cross-site scripting v...