Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-06T14:00:00

Updated: 2024-08-06T10:57:18.054Z

Reserved: 2014-06-04T00:00:00

Link: CVE-2014-3966

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-06-06T14:55:05.227

Modified: 2024-11-21T02:09:13.997

Link: CVE-2014-3966

cve-icon Redhat

No data.