Back to search
CVE-2011-1578
Published: Apr 27, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
mediawiki-file-extensions-xss(66737)
vdb-entry
x_refsource_XF
FEDORA-2011-5495
vendor-advisory
x_refsource_FEDORA
ADV-2011-0978
vdb-entry
x_refsource_VUPEN
FEDORA-2011-5807
vendor-advisory
x_refsource_FEDORA
47354
vdb-entry
x_refsource_BID
44142
third-party-advisory
x_refsource_SECUNIA
FEDORA-2011-5848
vendor-advisory
x_refsource_FEDORA
ADV-2011-1151
vdb-entry
x_refsource_VUPEN
DSA-2366
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=696360
x_refsource_CONFIRM
[mediawiki-announce] 20110412 MediaWiki security release 1.16.3
mailing-list
x_refsource_MLIST
ADV-2011-1100
vdb-entry
x_refsource_VUPEN
FEDORA-2011-5812
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=695577
x_refsource_CONFIRM
[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3
mailing-list
x_refsource_MLIST
https://bugzilla.wikimedia.org/show_bug.cgi?id=28235
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now