Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x prior to 1.17.3 and 1.18.x prior to 1.18.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.17 |
||
mediawiki mediawiki 1.17.1 |
||
mediawiki mediawiki 1.17.2 |
||
mediawiki mediawiki 1.17.0 |
||
mediawiki mediawiki 1.18 |
||
mediawiki mediawiki 1.18.0 |
||
mediawiki mediawiki 1.18.1 |