Back to search
CVE-2014-7295
Published: Oct 7, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.wikimedia.org/show_bug.cgi?id=70672
x_refsource_CONFIRM
[MediaWiki-announce] 20141002 MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5
mailing-list
x_refsource_MLIST
DSA-3046
vendor-advisory
x_refsource_DEBIAN
61752
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20141002 Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS
mailing-list
x_refsource_MLIST
70238
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now