CVE-2005-3165

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.4.9

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via (1) tags or (2) Extension or sections. These sections bypass HTML style attribute restrictions intended to protect against XSS vulnerabilities in Internet Explorer clients.

Recommendations For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of tags and Extension or sections to minimize the risk of exploitation.