CVE-2008-5250

Published: 19/12/2008 Updated: 14/10/2009
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.6.11, 1.12.x prior to 1.12.2, and 1.13.x prior to 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

Vulnerable Product

mediawiki mediawiki 1.13.0

mediawiki mediawiki 1.13.1

mediawiki mediawiki 1.12.1

mediawiki mediawiki 1.13.2

mediawiki mediawiki 1.6.11

mediawiki mediawiki 1.12.0

Vendor Advisories

Several vulnerabilities have been discovered in mediawiki17, a website engine for collaborative work. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5249: David Remahl discovered that mediawiki17 is prone to a cross-site scripting attack. CVE-2008-5250: David Remahl discovered that mediawiki17, when I ...
Debian Bug report logs - #508868 CVE-2008-5249: XSS vulnerability in MediaWiki Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debian.org>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmail.com> Date: Tue, 16 Dec 2008 04:48:01 UTC Severity: ...
Debian Bug report logs - #508869 CVE-2008-5250: several local script injection vulnerabilities in MediaWiki Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debian.org>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmail.com> Date: Tue, 16 Dec ...
Debian Bug report logs - #508870 CVE-2008-5252: CSRF vulnerability affecting the Special:Import feature in MediaWiki Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debian.org>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmail.com> Date: Tue ...