Unrated severityNVD Advisory· Published Jun 7, 2006· Updated Jun 16, 2026

CVE-2006-2895

Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

MediaWiki/Mediawiki9 versions
cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mediawiki:mediawiki:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.6.6:*:*:*:*:*:*:*
- (no CPE)range: <1.6.7

Patches

Vulnerability mechanics

References

mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.htmlnvdPatch
secunia.com/advisories/20458nvdPatchVendor Advisory
svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTESnvdPatch
www.vupen.com/english/advisories/2006/2159nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27029nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000