{"id":"CVE-2015-6730","details":"Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to \"ForeignAPI images.\"","modified":"2026-01-27T04:14:01.133921Z","published":"2015-09-01T14:59:08Z","withdrawn":"2026-01-27T04:14:01.133921Z","references":[{"type":"ADVISORY","url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201510-05"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/08/12/6"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/08/27/6"},{"type":"WEB","url":"http://www.securityfocus.com/bid/76334"}],"schema_version":"1.7.3"}