Cross site scripting

2014-10-0714:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.3%

JSON

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.

CPENameOperatorVersion
mediawikieq1.23.0
mediawikieq1.22.8
mediawikieq1.19
mediawikieq1.19 beta-1
mediawikieq1.19.8
mediawikieq1.23.4
mediawikieq1.22.10
mediawikieq1.22.6
mediawikieq1.22.0
mediawikieq1.19.3

Name	Operator	Version
mediawiki	eq	1.23.0
mediawiki	eq	1.22.8
mediawiki	eq	1.19
mediawiki	eq	1.19 beta-1
mediawiki	eq	1.19.8
mediawiki	eq	1.23.4
mediawiki	eq	1.22.10
mediawiki	eq	1.22.6
mediawiki	eq	1.22.0
mediawiki	eq	1.19.3