Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2014-2242 - Vulnerability Database
MediaWiki

MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2014-2242

Medium
Reference: CVE-2014-2242
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-2242
Title: MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

includes/upload/UploadBase.php in MediaWiki before 1.19.12 1.20.x and 1.21.x before 1.21.6 and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.