VDB

GCVE-110-MAGEIA-2014-253

GCVE-110-MAGEIA-2014-253
Advisory Published
Vulnetix · Advisory published June 6, 2014
XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this could potentially lead to an XSS crossing a privilege boundary (CVE-2014-3966).

Affected Products

VendorProductVersionsPlatforms
Mageiamediawiki0 (affected), 1.22.7-1.mga4 (unaffected)
Mageiamediawiki1.22.7-1.mga3 (unaffected), 0 (affected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›