Lucene search

K

MitreCVELIST:CVE-2015-2935

HistoryApr 13, 2015 - 2:00 p.m.

CVE-2015-2935

2015-04-1314:00:00

mitre

www.cve.org

5.9 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.7%

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by “@imporT.”

References

www.mandriva.com/security/advisories?name=MDVSA-2015:200

www.openwall.com/lists/oss-security/2015/04/01/1

www.openwall.com/lists/oss-security/2015/04/07/3

www.securityfocus.com/bid/73477

lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html

phabricator.wikimedia.org/T85349

security.gentoo.org/glsa/201510-05

5.9 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.7%

Related for CVELIST:CVE-2015-2935

cve1 nvd1 ubuntucve1 debiancve1 prion1 nessus3 securityvulns2 openvas4 mageia1 kaspersky1 archlinux1 gentoo1