CVE-2014-9477

CVE-2014-9477

EPSS 1.2%

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html https://phabricator.wikimedia.org/T77624 http://www.openwall.com/lists/oss-security/2014/12/21/2 http://www.openwall.com/lists/oss-security/2015/01/03/13