Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-2941 - Vulnerability Database
MediaWiki

MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-2941

Medium
Reference: CVE-2015-2941
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-2941
Title: MediaWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24 1.2x before 1.23.9 and 1.24.x before 1.24.2 when using HHVM allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php which is not properly handled in an error message related to unsafe calls to wddx_serialize_value.