CVE-2015-6734

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.23.10 MediaWiki versions 1.24.x prior to 1.24.3 MediaWiki versions 1.25.x prior to 1.25.2 SyntaxHighlight GeSHi extension (affected versions not specified)

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML.

Recommendations For MediaWiki versions prior to 1.23.10, update to version 1.23.10 or later. For MediaWiki versions 1.24.x prior to 1.24.3, update to version 1.24.3 or later. For MediaWiki versions 1.25.x prior to 1.25.2, update to version 1.25.2 or later. For the SyntaxHighlight GeSHi extension, at the moment, there is no information about a newer version that contains a fix for this vulnerability.