ID: OSVDB:15719
Type: osvdb
Reporter: OSVDB
Modified: 2005-04-20T11:53:33
Description
Vulnerability Description
MediaWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw affects MSIE clients only, exists if MediaWiki has been configured to pass its output through HTML Tidy ($wgUseTidy), and is caused by the application not properly validating user input. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Upgrade to version 1.3.12, 1.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
{"enchantments": {"score": {"value": 4.7, "vector": "NONE", "modified": "2017-04-28T13:20:11", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1245"]}], "modified": "2017-04-28T13:20:11", "rev": 2}, "vulnersScore": 4.7}, "bulletinFamily": "software", "affectedSoftware": [{"name": "MediaWiki", "operator": "eq", "version": "1.3.9"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.10"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.8"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.6"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.1"}, {"name": "MediaWiki", "operator": "eq", "version": "1.2.x"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.7"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.4"}, {"name": "MediaWiki", "operator": "eq", "version": "1.4.0"}, {"name": "MediaWiki", "operator": "eq", "version": "1.4.1"}, {"name": "MediaWiki", "operator": "eq", "version": "1.1.0"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.11"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.3"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.2"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.5"}, {"name": "MediaWiki", "operator": "eq", "version": "1.3.0"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:15719", "id": "OSVDB:15719", "title": "MediaWiki $wgUseTidy Output Processing XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "lastseen": "2017-04-28T13:20:11", "edition": 1, "reporter": "OSVDB", "description": "## Vulnerability Description\nMediaWiki contains a flaw that allows a remote cross site scripting attack. This flaw, which affects MSIE clients only, exists if MediaWiki has been configured to output through HTML Tidy ($wgUseTidy) and is caused by the application not properly validating user input. 
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.3.12, 1.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMediaWiki contains a flaw that allows a remote cross site scripting attack. This flaw, which affects MSIE clients only, exists if MediaWiki has been configured to output through HTML Tidy ($wgUseTidy) and is caused by the application not properly validating user input. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://wikipedia.sourceforge.net/\n[Secunia Advisory ID:14993](https://secuniaresearch.flexerasoftware.com/advisories/14993/)\nISS X-Force ID: 20210\n[CVE-2005-1245](https://vulners.com/cve/CVE-2005-1245)\nBugtraq ID: 13301\n", "modified": "2005-04-20T11:53:33", "viewCount": 0, "published": "2005-04-20T11:53:33", "cvelist": ["CVE-2005-1245"]}