Lucene search

PRIOn knowledge basePRION:CVE-2009-4589

HistoryJan 07, 2010 - 6:30 p.m.

Cross site scripting

2010-01-0718:30:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

JSON

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

CPENameOperatorVersion
mediawikeq1.15.105
mediawikieq1.14.0

CPE	Name	Operator	Version
	mediawik	eq	1.15.105
	mediawiki	eq	1.14.0

References

osvdb.org/55824

secunia.com/advisories/35818

www.securityfocus.com/bid/35662

www.vupen.com/english/advisories/2009/1882

bugzilla.wikimedia.org/show_bug.cgi?id=19693

exchange.xforce.ibmcloud.com/vulnerabilities/51687

lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html