CVE-2012-2698
MediaWiki <1.17.5, <1.18.4, <1.19.1 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by anonymous · textwebappsphp
https://www.exploit-db.com/exploits/37404
References (13)
Scores
EPSS
0.1445
EPSS Percentile
94.3%
Classification
CWE
CWE-79
Status
published
Affected Products (50)
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
< 1.17.4
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
mediawiki/mediawiki
... and 35 more
Timeline
Published
Jun 29, 2012
Tracked Since
Feb 18, 2026