CVE-2015-6730

Name: CVE-2015-6730
Creator: NVD / NIST
Published: 2015-09-01T14:59:08.4+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.01%

Last modified Jun 17, 2026

CVE-2015-6730 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images.". EPSS estimates a 2.01% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."

Metrics

EPSS Probability

2.01%

78.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Mediawiki	Mediawiki	<= 1.23.9
Mediawiki	Mediawiki	1.24.0
Mediawiki	Mediawiki	1.24.1
Mediawiki	Mediawiki	1.24.2
Mediawiki	Mediawiki	1.25.0
Mediawiki	Mediawiki	1.25.1

References

Timeline

Published: Sep 1, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-6730?

How severe is CVE-2015-6730?

Severity scoring for CVE-2015-6730 is pending analysis. The EPSS model estimates a 2.01% probability of exploitation in the next 30 days.

How do I fix CVE-2015-6730?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-6730?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST