CVE-2012-6453
MediaWiki RSS Reader < 0.2.6 - Cross-Site Scripting via Crafted Feed
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
References (2)
Core 2
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/696179
Third Party Advisory x_refsource_confirm
http://www.mediawiki.org/wiki/Extension:RSS_Reader#0.2.6
Scores
EPSS
0.0022
EPSS Percentile
45.1%
Details
CWE
CWE-79
Status
published
Products (6)
mediawiki/rssreader
0.2
mediawiki/rssreader
0.2.1
mediawiki/rssreader
0.2.2
mediawiki/rssreader
0.2.3
mediawiki/rssreader
0.2.4
mediawiki/rssreader
< 0.2.5
Published
Dec 31, 2012
Tracked Since
Feb 18, 2026