CVE-2015-2941

Priority
Description
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x
before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote
attackers to inject arbitrary web script or HTML via an invalid parameter
in a wddx format request to api.php, which is not properly handled in an
error message, related to unsafe calls to wddx_serialize_value.
Notes
Package
Upstream:released (1:1.19.20+dfsg-2.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1:1.27.4-3)
More Information

Updated: 2020-09-10 04:41:10 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)