Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x up to and including 1.9.2, when $wgUseAjax is enabled, allows remote malicious users to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |