CVE-2008-5250

2008-12-1917:30:00

Debian Security Bug Tracker

security-tracker.debian.org

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.6%

JSON

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

OSVersionArchitecturePackageVersionFilename
Debian12allmediawiki< 1:1.13.3-1mediawiki_1:1.13.3-1_all.deb
Debian11allmediawiki< 1:1.13.3-1mediawiki_1:1.13.3-1_all.deb
Debian10allmediawiki< 1:1.13.3-1mediawiki_1:1.13.3-1_all.deb
Debian999allmediawiki< 1:1.13.3-1mediawiki_1:1.13.3-1_all.deb
Debian13allmediawiki< 1:1.13.3-1mediawiki_1:1.13.3-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mediawiki	< 1:1.13.3-1	mediawiki_1:1.13.3-1_all.deb
Debian	11	all	mediawiki	< 1:1.13.3-1	mediawiki_1:1.13.3-1_all.deb
Debian	10	all	mediawiki	< 1:1.13.3-1	mediawiki_1:1.13.3-1_all.deb
Debian	999	all	mediawiki	< 1:1.13.3-1	mediawiki_1:1.13.3-1_all.deb
Debian	13	all	mediawiki	< 1:1.13.3-1	mediawiki_1:1.13.3-1_all.deb