CVE-2014-9477

MediaWiki Listings Extension - Stored Cross-Site Scripting via Name or URL Parameter


Description

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.

References (4)

Core References
Exploit (x_refsource_confirm): https://phabricator.wikimedia.org/T77624
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2015/01/03/13
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2014/12/21/2

Scores

EPSS 0.0026
EPSS Percentile 49.3%

Details

CWE CWE-79
Status published
Products (46)
mediawiki/mediawiki 1.20
mediawiki/mediawiki 1.20.1
mediawiki/mediawiki 1.20.2
mediawiki/mediawiki 1.20.3
mediawiki/mediawiki 1.20.4
mediawiki/mediawiki 1.20.5
mediawiki/mediawiki 1.20.6
mediawiki/mediawiki 1.20.7
mediawiki/mediawiki 1.20.8
mediawiki/mediawiki 1.21
... and 36 more
Published Jan 16, 2015
Tracked Since Feb 18, 2026