CVE-2016-6333 — Cross-site Scripting in Mediawiki
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 43.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 20
Latest updateMay 17
Description
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages3 packages
Patches
🔴Vulnerability Details
2📋Vendor Advisories
1Debian▶
CVE-2016-6333: mediawiki - Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature...↗2016
💬Community
3Bugzilla▶
CVE-2016-6331 CVE-2016-6332 CVE-2016-6333 CVE-2016-6334 CVE-2016-6335 CVE-2016-6336 mediawiki: multiple flaws fixed in 1.27.1, 1.26.4 and 1.23.15 [epel-all]↗2016-08-24
Bugzilla▶
CVE-2016-6331 CVE-2016-6332 CVE-2016-6333 CVE-2016-6334 CVE-2016-6335 CVE-2016-6336 mediawiki: multiple flaws fixed in 1.27.1, 1.26.4 and 1.23.15↗2016-08-24
Bugzilla▶
CVE-2016-6331 CVE-2016-6332 CVE-2016-6333 CVE-2016-6334 CVE-2016-6335 CVE-2016-6336 mediawiki: multiple flaws fixed in 1.27.1, 1.26.4 and 1.23.15 [fedora-all]↗2016-08-24