Back to search
CVE-2012-2698
Published: Jun 29, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[MediaWiki-announce] 20120613 MediaWiki security release 1.17.5
mailing-list
x_refsource_MLIST
https://www.mediawiki.org/wiki/Release_notes/1.18
x_refsource_CONFIRM
82983
vdb-entry
x_refsource_OSVDB
[MediaWiki-announce] 20120613 MediaWiki security release 1.18.4
mailing-list
x_refsource_MLIST
49484
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.wikimedia.org/show_bug.cgi?id=36938
x_refsource_CONFIRM
1027179
vdb-entry
x_refsource_SECTRACK
https://www.mediawiki.org/wiki/Release_notes/1.19
x_refsource_CONFIRM
mediawiki-index-uselang-xss(76311)
vdb-entry
x_refsource_XF
https://www.mediawiki.org/wiki/Release_notes/1.17
x_refsource_CONFIRM
https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php
x_refsource_CONFIRM
[oss-security] 20120613 Re: CVE request: XSS in uselang http parameter (mediawiki)
mailing-list
x_refsource_MLIST
[MediaWiki-announce] 20120613 MediaWiki security release 1.19.1
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now