Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1034028 | |
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html | Patch Vendor Advisory |
https://phabricator.wikimedia.org/T111029 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2015-11-09 18:59
Updated : 2015-11-10 18:27
NVD link : CVE-2015-8006
Mitre link : CVE-2015-8006
CVE.ORG link : CVE-2015-8006
JSON object : View
Products Affected
pagetriage_project
- pagetriage
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')