Mediawiki : Security Vulnerabilities, CVEs, Published In April 2015 (Information Leak)
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."
Max CVSS
5.0
EPSS Score
0.80%
Published
2015-04-13
Updated
2016-12-07
1 vulnerabilities found