CVE-2014-9478 in MediaWiki信息

摘要

由 MITRE

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!