QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8622

Published: Mar 23, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12

mailing-list

x_refsource_MLIST

[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12

mailing-list

x_refsource_MLIST

https://phabricator.wikimedia.org/T117899

x_refsource_CONFIRM

[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.