Medium severity6.1NVD Advisory· Published Apr 20, 2017· Updated Jun 17, 2026
CVE-2016-6334
CVE-2016-6334
Description
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*range: <=1.23.14
- cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*
- cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*
- (no CPE)range: <1.23.15, 1.26.x < 1.26.4, 1.27.x < 1.27.1
- Range: <1.23.15, 1.26.x < 1.26.4, 1.27.x < 1.27.1
Patches
Vulnerability mechanics
References
4- lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.htmlnvdMailing ListPatchVendor Advisory
- phabricator.wikimedia.org/T137264nvdPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- www.securityfocus.com/bid/98057nvd
News mentions
0No linked articles in our index yet.