CVE-2016-6334
6.1
MEDIUM
CVSS 3.1
EPSS 0.22%
Description
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
How to fix CVE-2016-6334
To remediate CVE-2016-6334, upgrade the affected package to the fixed version listed below.
- Debian/mediawiki—upgrade to 1:1.27.1-1 or later
Is CVE-2016-6334 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/mediawiki: all versions >= 0 and < 1:1.27.1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.1) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |