Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x prior to 1.19.8, 1.20.x prior to 1.20.7, and 1.21.x prior to 1.21.2 allows remote malicious users to inject arbitrary web script or HTML via a thread subject.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liquidthreads_project liquidthreads 2.0 |
||
liquidthreads_project liquidthreads 2.1 |