Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9480
Reference (s):
- https://phabricator.wikimedia.org/T69180
- MLIST:[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23
- URL: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
- MLIST:[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23
- URL: http://www.openwall.com/lists/oss-security/2014/12/21/2