Arbitrary Script Injection in MediaWiki CSS User Subpage Preview Feature
CVE-2016-6333 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
Learn more about our Web App Pen Testing.