CVE-2016-6333

Priority
Description
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview
feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x
before 1.27.1 allows remote attackers to inject arbitrary web script or
HTML via the edit box in Special:MyPage/common.css.
Notes
Package
Upstream:released (1.27.1,1.26.4,1.23.15)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.27.1)
More Information

Updated: 2020-09-10 05:30:56 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)