Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-03-02T02:00:00

Updated: 2024-08-06T10:06:00.222Z

Reserved: 2014-02-28T00:00:00

Link: CVE-2014-2244

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-03-02T04:57:25.950

Modified: 2024-11-21T02:05:55.053

Link: CVE-2014-2244

cve-icon Redhat

No data.