Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-12-19T17:00:00
Updated: 2024-08-07T10:49:11.913Z
Reserved: 2008-11-26T00:00:00
Link: CVE-2008-5250
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-12-19T17:30:03.110
Modified: 2024-11-21T00:53:39.973
Link: CVE-2008-5250
Redhat
No data.