Security Advisory

CVE-2014-7295

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-10-07 14:00:00

Last updated 2024-08-06 12:47:32

Assigner mitre

State PUBLISHED

Description

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

← Browse all CVEs View on cve.org ↗