Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-04-13T14:00:00
Updated: 2024-08-06T05:32:20.872Z
Reserved: 2015-04-07T00:00:00
Link: CVE-2015-2941
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-04-13T14:59:14.460
Modified: 2024-11-21T02:28:21.810
Link: CVE-2015-2941
Redhat
No data.