Incomplete blacklist vulnerability in MediaWiki prior to 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote malicious users to conduct cross-site scripting (XSS) attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.4.2 |
||
mediawiki mediawiki 1.4.3 |
||
mediawiki mediawiki 1.4.5 |
||
mediawiki mediawiki 1.4.6 |
||
mediawiki mediawiki 1.4.1 |
||
mediawiki mediawiki 1.4.8 |
||
mediawiki mediawiki 1.4_beta1 |
||
mediawiki mediawiki 1.4_beta6 |
||
mediawiki mediawiki 1.4_beta2 |
||
mediawiki mediawiki 1.4_beta3 |
||
mediawiki mediawiki 1.4_beta4 |
||
mediawiki mediawiki 1.4_beta5 |
||
mediawiki mediawiki 1.4.10 |
||
mediawiki mediawiki 1.4.7 |
||
mediawiki mediawiki 1.4.9 |