Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html - | |
References | () http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/33133 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/33349 - | |
References | () http://www.debian.org/security/2009/dsa-1901 - | |
References | () http://www.securityfocus.com/bid/32844 - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html - |
Information
Published : 2008-12-19 17:30
Updated : 2024-11-21 00:53
NVD link : CVE-2008-5250
Mitre link : CVE-2008-5250
CVE.ORG link : CVE-2008-5250
JSON object : View
Products Affected
mediawiki
- mediawiki
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')