Description
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.
References (1)
Core 1
Core References
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html
Scores
EPSS
0.0137
EPSS Percentile
68.6%
Details
CWE
CWE-79
Status
published
Products (16)
mediawiki/mediawiki
1.19 (3 CPE variants)
mediawiki/mediawiki
1.19.0
mediawiki/mediawiki
1.19.1
mediawiki/mediawiki
1.19.2
mediawiki/mediawiki
1.19.3
mediawiki/mediawiki
1.19.4
mediawiki/mediawiki
1.19.5
mediawiki/mediawiki
1.19.6
mediawiki/mediawiki
1.19.7
mediawiki/mediawiki
1.19.8
... and 6 more
Published
May 12, 2014
Tracked Since
Feb 18, 2026