CVE-2014-9480

MediaWiki Hovercards Extension - Cross-Site Scripting via Text Extracts

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.

References (4)

Core 4

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/01/03/13

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2014/12/21/2

Vendor Advisory mailing-list x_refsource_mlist

https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html

Exploit x_refsource_confirm

https://phabricator.wikimedia.org/T69180

Scores

EPSS 0.0032

EPSS Percentile 55.5%

Details

CWE

CWE-79

Status published

Products (46)

mediawiki/mediawiki 1.20

mediawiki/mediawiki 1.20.1

mediawiki/mediawiki 1.20.2

mediawiki/mediawiki 1.20.3

mediawiki/mediawiki 1.20.4

mediawiki/mediawiki 1.20.5

mediawiki/mediawiki 1.20.6

mediawiki/mediawiki 1.20.7

mediawiki/mediawiki 1.20.8

mediawiki/mediawiki 1.21

... and 36 more

Published Jan 16, 2015

Tracked Since Feb 18, 2026