CVE-2014-9507

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.21.x through 1.23.x before 1.23.7 MediaWiki version 1.22.x before 1.22.14

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS when the $wgContentHandlerUseDB variable is enabled.

Recommendations For MediaWiki versions 1.21.x, update to a version after 1.23.7 or apply the necessary configuration changes to disable the $wgContentHandlerUseDB variable. For MediaWiki version 1.22.x before 1.22.14, update to version 1.22.14 or later. For MediaWiki version 1.23.x before 1.23.7, update to version 1.23.7 or later.