CVE-2014-2853
Published
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT
Description
Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.
π» The collaborative editing software that runs Wikipedia. MirrorΒ fromΒ https://gerrit.wikimedia.org/g/mediawiki/core. SeeΒ https://mediawiki.org/wiki/Developer_access forΒ contributing.
GitHub