Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.
2015-04-13T14:59:14.460
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mediawiki | mediawiki | ≤ 1.19.23 | Yes |
| Application | mediawiki | mediawiki | 1.20 | Yes |
| Application | mediawiki | mediawiki | 1.20.1 | Yes |
| Application | mediawiki | mediawiki | 1.20.2 | Yes |
| Application | mediawiki | mediawiki | 1.20.3 | Yes |
| Application | mediawiki | mediawiki | 1.20.4 | Yes |
| Application | mediawiki | mediawiki | 1.20.5 | Yes |
| Application | mediawiki | mediawiki | 1.20.6 | Yes |
| Application | mediawiki | mediawiki | 1.20.7 | Yes |
| Application | mediawiki | mediawiki | 1.20.8 | Yes |
| Application | mediawiki | mediawiki | 1.21 | Yes |
| Application | mediawiki | mediawiki | 1.21.1 | Yes |
| Application | mediawiki | mediawiki | 1.21.2 | Yes |
| Application | mediawiki | mediawiki | 1.21.3 | Yes |
| Application | mediawiki | mediawiki | 1.21.4 | Yes |
| Application | mediawiki | mediawiki | 1.21.5 | Yes |
| Application | mediawiki | mediawiki | 1.21.6 | Yes |
| Application | mediawiki | mediawiki | 1.21.7 | Yes |
| Application | mediawiki | mediawiki | 1.21.8 | Yes |
| Application | mediawiki | mediawiki | 1.21.9 | Yes |
| Application | mediawiki | mediawiki | 1.21.10 | Yes |
| Application | mediawiki | mediawiki | 1.21.11 | Yes |
| Application | mediawiki | mediawiki | 1.22.0 | Yes |
| Application | mediawiki | mediawiki | 1.22.1 | Yes |
| Application | mediawiki | mediawiki | 1.22.2 | Yes |
| Application | mediawiki | mediawiki | 1.22.3 | Yes |
| Application | mediawiki | mediawiki | 1.22.4 | Yes |
| Application | mediawiki | mediawiki | 1.22.5 | Yes |
| Application | mediawiki | mediawiki | 1.22.6 | Yes |
| Application | mediawiki | mediawiki | 1.22.7 | Yes |
| Application | mediawiki | mediawiki | 1.22.8 | Yes |
| Application | mediawiki | mediawiki | 1.22.9 | Yes |
| Application | mediawiki | mediawiki | 1.22.10 | Yes |
| Application | mediawiki | mediawiki | 1.22.11 | Yes |
| Application | mediawiki | mediawiki | 1.22.12 | Yes |
| Application | mediawiki | mediawiki | 1.22.13 | Yes |
| Application | mediawiki | mediawiki | 1.22.14 | Yes |
| Application | mediawiki | mediawiki | 1.22.15 | Yes |
| Application | mediawiki | mediawiki | 1.23.0 | Yes |
| Application | mediawiki | mediawiki | 1.23.1 | Yes |
| Application | mediawiki | mediawiki | 1.23.2 | Yes |
| Application | mediawiki | mediawiki | 1.23.3 | Yes |
| Application | mediawiki | mediawiki | 1.23.4 | Yes |
| Application | mediawiki | mediawiki | 1.23.5 | Yes |
| Application | mediawiki | mediawiki | 1.23.6 | Yes |
| Application | mediawiki | mediawiki | 1.23.7 | Yes |
| Application | mediawiki | mediawiki | 1.23.8 | Yes |
| Application | mediawiki | mediawiki | 1.24.0 | Yes |
| Application | mediawiki | mediawiki | 1.24.1 | Yes |