Lucene search

GitHub Advisory DatabaseGHSA-HJ4C-VFC4-5F9C

HistoryDec 10, 2023 - 9:30 p.m.

Cross-site Scripting in Semantic MediaWiki

2023-12-1021:30:27

CWE-79

GitHub Advisory Database

github.com

reflected xss

special:ask

semantic mediawiki

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.

Affected configurations

Vulners

Node

mediawikisemantic_drilldownRange<4.0.2mediawiki

CPENameOperatorVersion
mediawiki/semantic-media-wikilt4.0.2

CPE	Name	Operator	Version
	mediawiki/semantic-media-wiki	lt	4.0.2

References

github.com/advisories/GHSA-hj4c-vfc4-5f9c

github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/semantic-media-wiki/CVE-2022-48614.yaml

github.com/SemanticMediaWiki/SemanticMediaWiki/commit/604968d44fcdfcbb7f1e00c5d662ca5d5a3a5613

github.com/SemanticMediaWiki/SemanticMediaWiki/issues/5262

nvd.nist.gov/vuln/detail/CVE-2022-48614

www.semantic-mediawiki.org/wiki/Semantic_MediaWiki_4.0.2

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for GHSA-HJ4C-VFC4-5F9C