Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 up to and including 1.11.0rc1, 1.10 up to and including 1.10.2, 1.9 up to and including 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and previous versions; when Internet Explorer is used, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.10.1 |
||
mediawiki mediawiki 1.10.2 |
||
mediawiki mediawiki 1.8.3 |
||
mediawiki mediawiki 1.8.4 |
||
mediawiki mediawiki 1.11 |
||
mediawiki mediawiki 1.11.0rc1 |
||
mediawiki mediawiki 1.9.0 |
||
mediawiki mediawiki 1.9.1 |
||
mediawiki mediawiki 1.10.0 |
||
mediawiki mediawiki 1.8.1 |
||
mediawiki mediawiki 1.8.2 |
||
mediawiki mediawiki botquery ext |
||
microsoft internet explorer |
||
mediawiki mediawiki 1.7.0 |
||
mediawiki mediawiki 1.8.0 |
||
mediawiki mediawiki 1.9.2 |
||
mediawiki mediawiki 1.9.3 |
||
mediawiki mediawiki 1.9.4 |