Unrated severityNVD Advisory· Published Feb 21, 2007· Updated Jun 16, 2026
CVE-2007-1054
CVE-2007-1054
Description
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
10- attrition.org/pipermail/vim/2007-February/001367.htmlnvdExploit
- www.bugsec.com/articles.phpnvdExploit
- osvdb.org/32078nvd
- secunia.com/advisories/24211nvd
- securityreason.com/securityalert/2274nvd
- sourceforge.net/project/shownotes.phpnvd
- svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTESnvd
- www.securityfocus.com/archive/1/460596/100/0/threadednvd
- www.vupen.com/english/advisories/2007/0678nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/32586nvd
News mentions
0No linked articles in our index yet.