← Back

CVE-2016-6334

nvd nist
Published: Apr 20, 2017Modified: May 13, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.

Affected (7)

Products: Mediawiki: Mediawiki
Mediawiki
1 product
Mediawiki
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Mediawiki
Mediawiki
Up to 1.23.14
Mediawiki
Version 1.26.0
Mediawiki
Version 1.26.1
Mediawiki
Version 1.26.2
Mediawiki
Version 1.26.3
Mediawiki
Version 1.26.4
Mediawiki
Version 1.27.0

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

Source: secalert@redhat.com
Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.