Lucene search

[email protected]CVE-2006-2895

HistoryJun 07, 2006 - 10:02 a.m.

CVE-2006-2895

2006-06-0710:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2895

xss

vulnerability

mediawiki 1.6.0

nvd

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.5%

JSON

Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.

CPENameOperatorVersion
mediawiki:mediawikimediawikieq1.6.3
mediawiki:mediawikimediawikieq1.6.2
mediawiki:mediawikimediawikieq1.6.5
mediawiki:mediawikimediawikieq1.6.6
mediawiki:mediawikimediawikieq1.6.4
mediawiki:mediawikimediawikieq1.6.5_r14348
mediawiki:mediawikimediawikieq1.6.0
mediawiki:mediawikimediawikieq1.6.1

CPE	Name	Operator	Version
mediawiki:mediawiki	mediawiki	eq	1.6.3
mediawiki:mediawiki	mediawiki	eq	1.6.2
mediawiki:mediawiki	mediawiki	eq	1.6.5
mediawiki:mediawiki	mediawiki	eq	1.6.6
mediawiki:mediawiki	mediawiki	eq	1.6.4
mediawiki:mediawiki	mediawiki	eq	1.6.5_r14348
mediawiki:mediawiki	mediawiki	eq	1.6.0
mediawiki:mediawiki	mediawiki	eq	1.6.1

References

mail.wikipedia.org/pipermail/mediawiki-announce/2006-June/000048.html

secunia.com/advisories/20458

svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES

www.vupen.com/english/advisories/2006/2159

exchange.xforce.ibmcloud.com/vulnerabilities/27029

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2006-2895

debiancve1 prion1 ubuntucve1