exploitDog

GHSA-m3mr-7w8m-ffxc

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

Ссылки

EPSS

Процентиль: 51%

0.00281

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2015-2931

ubuntu

почти 11 лет назад

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

CVE-2015-2931

nvd

почти 11 лет назад

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

CVE-2015-2931

debian

почти 11 лет назад

Incomplete blacklist vulnerability in includes/upload/UploadBase.php i ...

EPSS

Процентиль: 51%

0.00281

Низкий

CVE ID

Дефекты

CWE-79