CVE-2015-6729
Published: 1 September 2015
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.
Notes
Author | Note |
---|---|
msalvatore | vulnerability introduced in 1.21 |
Priority
Status
Package | Release | Status |
---|---|---|
mediawiki Launchpad, Ubuntu, Debian | artful | Ignored (end of life) |
mediawiki | bionic | Not vulnerable (1.27.4-3) |
mediawiki | precise | Ignored (end of life) |
mediawiki | trusty | Does not exist (trusty was not-affected [code not present]) |
mediawiki | upstream | Released (1.27.4-1~deb9u1) |
mediawiki | vivid | Ignored (end of life) |
mediawiki | wily | Ignored (end of life) |
mediawiki | xenial | Does not exist |
mediawiki | yakkety | Ignored (end of life) |
mediawiki | zesty | Ignored (end of life) |

Patches: upstream: https://phab.wmfusercontent.org/file/data/zm24swymokh5ac5bqsms/PHID-FILE-n2jrbxtlmei74wxmvbsa/T97391.patch