CVE-2014-9478 in MediaWikiالمعلومات

الملخص

بحسب MITRE

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

المصادر

Do you know our Splunk app?

Download it now for free!