Published: 08/06/2010 Updated: 30/07/2010

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki 1.16.0
mediawiki mediawiki 1.15.3
mediawiki mediawiki 1.15.0
mediawiki mediawiki 1.15.1
mediawiki mediawiki 1.15.2

Debian Bug report logs - #590669 mediawiki: XSS vulnerability in profileinfophp Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Jonathan Wiltshire <jmw@debianorg> Date: Wed, 28 Jul 2010 11:03:02 UTC Severity: ...

Debian Bug report logs - #585918 mediawiki: XSS vulnerabilities, CVEs Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Jonathan Wiltshire <debian@jwiltshireorguk> Date: Mon, 14 Jun 2010 21:09:02 UTC Severity: ...

CWE-79 https://bugzilla.wikimedia.org/show_bug.cgi?id=23687 http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590669

CVE-2010-1647

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect