Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mediawiki | Mediawiki | 1.4.1 (including) | 1.4.1 (including) |
Mediawiki | Mediawiki | 1.4.2 (including) | 1.4.2 (including) |
Mediawiki | Mediawiki | 1.4.3 (including) | 1.4.3 (including) |
Mediawiki | Mediawiki | 1.4.5 (including) | 1.4.5 (including) |
Mediawiki | Mediawiki | 1.4_beta6 (including) | 1.4_beta6 (including) |
Mediawiki | Mediawiki | 1.5_alpha1 (including) | 1.5_alpha1 (including) |
Mediawiki | Mediawiki | 1.5_alpha2 (including) | 1.5_alpha2 (including) |
Mediawiki | Mediawiki | 1.5_beta1 (including) | 1.5_beta1 (including) |
Mediawiki | Mediawiki | 1.5_beta2 (including) | 1.5_beta2 (including) |