Lucene search
Tenable9474.PRMHistoryAug 05, 2016 - 12:00 a.m.
MediaWiki < 1.19.20 / 1.22.12 / 1.23.5 Multiple Vulnerabilities
2016-08-0500:00:00
Tenable
www.tenable.com
14
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
79.1%
The version of MediaWiki installed is 1.19.x earlier than 1.19.20, 1.22.x earlier than 1.22.12, or 1.23.x earlier than 1.23.5. Therefore, it is affected by the following XSS vulnerabilities :
- A flaw exists that allows a XSS attack. This flaw exists because the ‘includes/OutputPage.php’ script does not restrict JavaScript code embedded within CSS content before returning it to users. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2013-7444)
- A flaw exists because the ‘includes/OutputPage.php’ script does not restrict JavaScript code embedded within CSS content before returning it to users. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2014-7295)
Binary data 9474.prmRelated
cve
cve
CVE-2013-7444
2015-09-01 14:59:00
CVE-2014-7295
2014-10-07 14:55:09
cvelist
cvelist
CVE-2013-7444
2015-09-01 14:00:00
CVE-2014-7295
2014-10-07 14:00:00
debiancve
debiancve
CVE-2013-7444
2015-09-01 14:59:00
CVE-2014-7295
2014-10-07 14:55:09
nvd
nvd
CVE-2013-7444
2015-09-01 14:59:00
CVE-2014-7295
2014-10-07 14:55:09
nessus
nessus
Fedora 22 : mediawiki (2015-122a831a05)
2016-07-14 00:00:00
MediaWiki < 1.19.20 / 1.22.12 / 1.23.5 'includes/OutputPage.php' XSS
2014-10-09 00:00:00
Fedora 20 : mediawiki-1.23.5-1.fc20 (2014-12263)
2014-10-14 00:00:00
ubuntucve
ubuntucve
CVE-2014-7295
2014-10-07 00:00:00
CVE-2013-7444
2015-09-01 00:00:00
debian
debian
[SECURITY] [DSA 3046-1] mediawiki security update
2014-10-05 15:32:04
[SECURITY] [DSA 3046-1] mediawiki security update
2014-10-05 15:32:04
openvas
openvas
Debian: Security Advisory (DSA-3046-1)
2014-10-04 00:00:00
Debian Security Advisory DSA 3046-1 (mediawiki - security update)
2014-10-05 00:00:00
Mageia: Security Advisory (MGASA-2014-0400)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mediawiki-1.23.5-1.fc21
2014-10-08 19:10:29
[SECURITY] Fedora 19 Update: mediawiki-1.23.8-1.fc19
2014-12-29 10:05:00
[SECURITY] Fedora 20 Update: mediawiki-1.23.7-1.fc20
2014-12-12 04:34:24
securityvulns
securityvulns
[SECURITY] [DSA 3046-1] mediawiki security update
2014-10-14 00:00:00
prion
prion
Code injection
2015-09-01 14:59:00
Cross site scripting
2014-10-07 14:55:00
osv
osv
mediawiki - security update
2014-10-05 00:00:00
archlinux
archlinux
mediawiki: Cross-site Scripting (XSS) and UI redressing
2014-10-04 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerbilities
2014-10-07 13:22:51
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2015-08-10 00:00:00
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-02-07 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
79.1%
Related for 9474.PRM