CVE Vulnerability

CVE-2008-5250

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://secunia.com/advisories/33133 Patch Vendor Advisory
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html Patch Vendor Advisory
http://www.securityfocus.com/bid/32844
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html
http://secunia.com/advisories/33349
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.debian.org/security/2009/dsa-1901
Configurations

Configuration 1

cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*
Information

Published : 2008-12-19 05:30

Updated : 2009-10-14 05:17

NVD link : CVE-2008-5250

Mitre link : CVE-2008-5250

Products Affected
No products.
CWE
CWE-79