Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: April 26, 2011
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.
Related Resources (5)
Weakness Type (CWE)
Cross-Site Scripting (XSS)CWE-79
Upgrade to version 1.16.4
|Attack Vector (AV):||NETWORK|
|Attack Complexity (AC):||HIGH|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||NONE|
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||MEDIUM|