CVE-2012-6453

Mediawiki Rssreader < 0.2.5 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.

References (2)

[Issue Tracking] http://bugs.debian.org/696179

[Third Party Advisory] http://www.mediawiki.org/wiki/Extension:RSS_Reader#0.2.6

Scores

EPSS 0.0022

EPSS Percentile 45.0%

Details

CWE

CWE-79

Status published

Products (7)

mediawiki/rssreader < 0.2.5

mediawiki/rssreader

n/a/n/a

Published Dec 31, 2012

Tracked Since Feb 18, 2026