CVE-2014-9475

EPSS 0.16%

mediawiki - security update

Published: 1/16/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-9475

Description

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.

Affected packages (2)

Debian/mediawikifrom 0, < 1:1.19.20+dfsg-2.2
Debian/mediawikifrom 0, < 1:1.19.20+dfsg-0+deb7u3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9475