Wikimedia · Mediawiki · CVE-2012-4377
Name of the Vulnerable Software and Affected Versions:
MediaWiki versions prior to 1.18.5
MediaWiki versions 1.19.x prior to 1.19.2
Description:
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. This occurs when an attacker crafts a link that appears to be a legitimate image file but actually contains malicious code.
Recommendations:
For MediaWiki versions prior to 1.18.5, update to version 1.18.5 or later.
For MediaWiki versions 1.19.x prior to 1.19.2, update to version 1.19.2 or later.