Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-03-02T02:00:00
Updated: 2024-08-06T10:06:00.222Z
Reserved: 2014-02-28T00:00:00
Link: CVE-2014-2244
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-03-02T04:57:25.950
Modified: 2024-11-21T02:05:55.053
Link: CVE-2014-2244
Redhat
No data.