Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x prior to 1.19.8, 1.20.x prior to 1.20.7, and 1.21.x prior to 1.21.2 allow (1) remote malicious users to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.19 |
||
mediawiki mediawiki 1.20.5 |
||
mediawiki mediawiki 1.20.6 |
||
mediawiki mediawiki 1.19.7 |
||
mediawiki mediawiki 1.20 |
||
mediawiki mediawiki 1.20.1 |
||
mediawiki mediawiki 1.19.3 |
||
mediawiki mediawiki 1.19.4 |
||
mediawiki mediawiki 1.21 |
||
mediawiki mediawiki 1.21.1 |
||
mediawiki mediawiki 1.19.1 |
||
mediawiki mediawiki 1.19.2 |
||
mediawiki mediawiki 1.19.0 |
||
mediawiki mediawiki 1.20.2 |
||
mediawiki mediawiki 1.20.3 |
||
mediawiki mediawiki 1.20.4 |
||
mediawiki mediawiki 1.19.5 |
||
mediawiki mediawiki 1.19.6 |