CVE-2016-6333

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-6333
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6333.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-6333
Published
2017-04-20T17:59:00Z
Modified
2024-09-03T01:28:53.811069Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type
GIT
Repo
https://github.com/wikimedia/mediawiki
Events

Affected versions

1.*

1.1.0
1.23.0
1.23.0-rc.1
1.23.0-rc.2
1.23.0-rc.3
1.23.0rc0
1.23.1
1.23.10
1.23.11
1.23.12
1.23.13
1.23.14
1.23.2
1.23.3
1.23.4
1.23.5
1.23.6
1.23.7
1.23.8
1.23.9
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.27.0
1.27.0-rc.0
1.27.0-rc.1
1.3.0beta1
1.5.0alpha1
1.5.0alpha2
1.5.0beta1
1.5.0beta2
1.5.0beta3
1.5.0beta4
1.6.0