ID 99015CF5-C4DD-11DA-B2FB-000E0C2E438A Type freebsd Reporter FreeBSD Modified 2005-12-22T00:00:00
Description
The mediawiki development team reports a vulnerability
within the mediawiki application. The vulnerability is
caused by improper checking of inline style attributes. This
could result in the execution of arbitrary javascript code in
Microsoft Internet Explorer. It appears that other browsers
are not affected by this vulnerability.
{"modified": "2005-12-22T00:00:00", "cvelist": ["CVE-2005-4501"], "edition": 1, "type": "freebsd", "reporter": "FreeBSD", "references": ["http://sourceforge.net/project/shownotes.php?release_id=379951"], "hashmap": [{"hash": "1e4a75333fa9cffad49f68253339626f", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "003a2626855f90ff6cce596ac7b77fb6", "key": "cvelist"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "aa4d7951b64015b275b34c2293206ddd", "key": "description"}, {"hash": "aa477e2f914851ffc21853f926cfd765", "key": "href"}, {"hash": "24e9433d7c72eaaa8b247252f73340c1", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "24e9433d7c72eaaa8b247252f73340c1", "key": "published"}, {"hash": "934683c9496be8bd72aba8f1c94acea6", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "ef9e76a4847356fa2e8bb6cb1ba45811", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "href": "https://vuxml.freebsd.org/freebsd/99015cf5-c4dd-11da-b2fb-000e0c2e438a.html", "description": "\nThe mediawiki development team reports a vulnerability\n\t within the mediawiki application. The vulnerability is\n\t caused by improper checking of inline style attributes. This\n\t could result in the execution of arbitrary javascript code in\n\t Microsoft Internet Explorer. It appears that other browsers\n\t are not affected by this vulnerability.\n", "id": "99015CF5-C4DD-11DA-B2FB-000E0C2E438A", "lastseen": "2016-09-26T17:25:08", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "hash": "8d52171a45385c9f21ab138832e22c7023e55fa4edd2ead96fc56a3af6319487", "enchantments": {"vulnersScore": 7.5}, "bulletinFamily": "unix", "history": [], "published": "2005-12-22T00:00:00", "objectVersion": "1.2", "affectedPackage": [{"packageFilename": "UNKNOWN", "operator": "lt", "packageVersion": "1.5.4", "OS": "FreeBSD", "packageName": "mediawiki", "OSVersion": "any", "arch": "noarch"}], "title": "mediawiki -- hardcoded placeholder string security bypass vulnerability", "viewCount": 0}
{"result": {"cve": [{"id": "CVE-2005-4501", "type": "cve", "title": "CVE-2005-4501", "description": "MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.", "published": "2005-12-22T16:03:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4501", "cvelist": ["CVE-2005-4501"], "lastseen": "2017-07-20T10:48:59"}], "osvdb": [{"id": "OSVDB:21960", "type": "osvdb", "title": "MediaWiki Hardcoded Placeholder String Inline Style Attribute Security Bypass XSS", "description": "## Solution Description\nUpgrade to version 1.5.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html)\n[Secunia Advisory ID:18717](https://secuniaresearch.flexerasoftware.com/advisories/18717/)\n[Secunia Advisory ID:18219](https://secuniaresearch.flexerasoftware.com/advisories/18219/)\nMail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2005-12/0021.html\nFrSIRT Advisory: ADV-2005-3059\n[CVE-2005-4501](https://vulners.com/cve/CVE-2005-4501)\nBugtraq ID: 16032\n", "published": "2005-12-21T09:33:27", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:21960", "cvelist": ["CVE-2005-4501"], "lastseen": "2017-04-28T13:20:18"}], "nessus": [{"id": "FREEBSD_PKG_99015CF5C4DD11DAB2FB000E0C2E438A.NASL", "type": "nessus", "title": "FreeBSD : mediawiki -- hardcoded placeholder string security bypass vulnerability (99015cf5-c4dd-11da-b2fb-000e0c2e438a)", "description": "The mediawiki development team reports a vulnerability within the mediawiki application. The vulnerability is caused by improper checking of inline style attributes. This could result in the execution of arbitrary JavaScript code in Microsoft Internet Explorer.\nIt appears that other browsers are not affected by this vulnerability.", "published": "2006-05-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21482", "cvelist": ["CVE-2005-4501"], "lastseen": "2017-10-29T13:36:29"}], "openvas": [{"id": "OPENVAS:56516", "type": "openvas", "title": "FreeBSD Ports: mediawiki", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56516", "cvelist": ["CVE-2005-4501"], "lastseen": "2017-07-02T21:10:24"}]}}
