← back
CVE-2016-6334

CVE-2016-6334

EPSS 1.1%
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=1369613https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.htmlhttps://phabricator.wikimedia.org/T137264http://www.securityfocus.com/bid/98057