Wikimedia · Mediawiki · CVE-2012-4378
Name of the Vulnerable Software and Affected Versions:
MediaWiki versions prior to 1.18.5
MediaWiki versions 1.19.x prior to 1.19.2
Description:
The issue allows remote attackers to inject arbitrary web script or HTML. This is possible when unspecified JavaScript gadgets are used via the `userlang` parameter to the "w/index.php" endpoint.
Recommendations:
For MediaWiki versions prior to 1.18.5, update to version 1.18.5 or later.
For MediaWiki versions 1.19.x prior to 1.19.2, update to version 1.19.2 or later.