Medium severity6.1NVD Advisory· Published Apr 20, 2017· Updated Jun 17, 2026
CVE-2016-6333
CVE-2016-6333
Description
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*range: <=1.23.14
- cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*
- (no CPE)range: <1.23.15, <1.26.4, <1.27.1
- Range: <1.23.15, <1.26.4, <1.27.1
Patches
Vulnerability mechanics
References
4- lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.htmlnvdMailing ListPatchVendor Advisory
- phabricator.wikimedia.org/T133147nvdPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- www.securityfocus.com/bid/98053nvd
News mentions
0No linked articles in our index yet.