CVE-2015-6730

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2015-6730
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-6730.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2015-6730
Downstream
Withdrawn
2026-01-27T04:14:01.133921Z
Published
2015-09-01T14:59:08Z
Modified
2026-01-27T04:14:01.133921Z
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."

References

Affected packages