CVE-2015-2931

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2015-2931
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-2931.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2015-2931
Downstream
Related
Published
2015-04-13T14:59:04Z
Modified
2026-02-04T16:01:04.873427Z
Summary
[none]
Details

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.

References

Affected packages