CVE-2016-6333

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-6333

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6333.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-6333

Downstream

DEBIAN-CVE-2016-6333

Related

MGASA-2016-0305

Published

2017-04-20T17:59:00.633Z

Modified

2026-02-22T07:57:48.034112Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type: GIT
Repo: https://github.com/wikimedia/mediawiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1b1588f892b81983d5cd93bea6f5b5d652b2cdf5

Affected versions

1.*

1.1.0

1.23.0

1.23.0-rc.1

1.23.0-rc.2

1.23.0-rc.3

1.23.0rc0

1.23.1

1.23.10

1.23.11

1.23.12

1.23.13

1.23.14

1.23.2

1.23.3

1.23.4

1.23.5

1.23.6

1.23.7

1.23.8

1.23.9

1.3.0beta1

1.5.0alpha1

1.5.0alpha2

1.5.0beta1

1.5.0beta2

1.5.0beta3

1.5.0beta4

1.6.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6333.json"