Lucene search

K

[email protected]NVD:CVE-2007-1055

HistoryFeb 21, 2007 - 11:28 p.m.

CVE-2007-1055

2007-02-2123:28:00

CWE-94

[email protected]

web.nvd.nist.gov

7

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.5

Confidence

High

EPSS

0.759

Percentile

98.2%

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.

Affected configurations

Nvd

Node

mediawikimediawikiRange≤1.8.2

OR

mediawikimediawikiMatch1.9.0rc1

References

osvdb.org/37343

securityreason.com/securityalert/2274

svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES

www.bugsec.com/articles.php?Security=24

www.securityfocus.com/archive/1/460596/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/32586

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.5

Confidence

High

EPSS

0.759

Percentile

98.2%

Related for NVD:CVE-2007-1055

cve2 ubuntucve2 prion2 cvelist2 debiancve2 nvd1 nessus1 checkpoint_advisories1 securityvulns2