6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.9 Medium
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.0005 Low
EPSS
Percentile
15.6%
Vulnerability in the WatchAnalytics extension of the hypertext environment implementation software tool
MediaWiki is related to XSS exploitation using the Special:PageStatistics page parameter. Exploitation
The exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting attacks.
Vulnerability in the Phonos extension of the MediaWiki hypertext implementation software tool
is related to the exploitation of i18n-based XSS via the phonos-purge-needed-error message.
Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site
scripting attacks
Vulnerability in the Cargo extension of the MediaWiki hypertext implementation software tool
is related to XSS exploitation via artist, album and position parameters due to applied values of the
filter in detail/CargoAppliedFilter.php. Exploitation of the vulnerability could allow an attacker,
acting remotely, to perform cross-site scripting attacks
Vulnerability in the CheckUser extension of the MediaWiki hypertext implementation tool
is related to XSS exploitation via message definitions. e.g. in SpecialCheckUserLog. Exploitation of the
vulnerability could allow an attacker acting remotely to perform cross-site scripting attacks
A vulnerability in the PageTriage extension of the MediaWiki hypertext implementation software tool
is related to improper input neutralization during web page creation. Exploitation of the vulnerability
could allow an attacker acting remotely to perform cross-site scripting attacks.
Vulnerability in the CampaignEvents extension of the hypertext environment implementation software tool
MediaWiki is related to improper input neutralization during web page creation. Exploitation
exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting attacks.
Vulnerability in the GlobalBlocking extension of the hypertext environment implementation software tool
MediaWiki is related to incorrect input neutralization during web page creation.
Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting attacks.
scripting attacks
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.9 Medium
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.0005 Low
EPSS
Percentile
15.6%