4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.1%
MediaWiki is a collaborative editing software, used by big projects like Wikipedia.
MediaWiki fails to escape a parameter in the page move template correctly.
By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to inject malicious JavaScript code that will be executed in a user’s browser session in the context of the vulnerable site.
There is no known workaround at this time.
All MediaWiki users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.4.7"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-apps/mediawiki | < 1.4.6 | UNKNOWN |