Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-10-06T04:00:00
Updated: 2024-08-07T23:01:58.969Z
Reserved: 2005-10-06T00:00:00
Link: CVE-2005-3167
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2005-10-06T10:02:00.000
Modified: 2008-09-05T20:53:38.437
Link: CVE-2005-3167
Redhat
No data.