Arbitrary Script Injection in MediaWiki CSS User Subpage Preview Feature

CVE-2016-6333 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
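
To triage an inventory against the version ranges stated above, the following is an added example (not part of the original advisory or of MediaWiki's code). The host names and version strings are constructed, and branches the advisory does not name are reported as `unlisted` rather than guessed.

```python
import re

# Fixed patch level per release branch, as stated in the advisory text.
FIXED_PATCH = {(1, 23): 15, (1, 26): 4, (1, 27): 1}
OLDEST_LISTED = min(FIXED_PATCH)  # (1, 23): everything older is "before 1.23.15"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.]?(alpha|beta|rc)[-.\w]*)?", re.I)

def parse_version(text):
    """Return ((major, minor), patch, is_prerelease) from e.g. 'MediaWiki 1.26.3'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    return branch, int(m.group(3) or 0), m.group(4) is not None

def classify(version_text):
    """Map a version string to 'vulnerable', 'fixed' or 'unlisted'."""
    branch, patch, prerelease = parse_version(version_text)
    if branch in FIXED_PATCH:
        fixed = FIXED_PATCH[branch]
        # A pre-release of the fixed version predates the fixed release.
        if patch < fixed or (patch == fixed and prerelease):
            return "vulnerable"
        return "fixed"
    if branch < OLDEST_LISTED:
        return "vulnerable"
    # 1.24.x, 1.25.x and anything after 1.27.x are not named in the advisory.
    return "unlisted"

def triage(inventory):
    """Group hosts by status; unparseable versions go under 'unknown'."""
    report = {"vulnerable": [], "fixed": [], "unlisted": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        try:
            report[classify(version_text)].append(host)
        except ValueError:
            report["unknown"].append(host)
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "wiki-a.example": "MediaWiki 1.26.3", "wiki-b.example": "MediaWiki 1.27.1",
    "wiki-c.example": "1.27.0-rc.1", "wiki-d.example": "MediaWiki 1.25.6",
    "wiki-e.example": "MediaWiki 1.19.24", "wiki-f.example": "unknown build",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as `unlisted` or `unknown` need a manual check against the vendor's release notes, since the advisory text gives no verdict for them.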
