Lucene search
RootSSV:60366HistorySep 04, 2012 - 12:00 a.m.
MediaWiki 1.x userlang参数跨站脚本漏洞
2012-09-0400:00:00
Root
www.seebug.org
9
0.002 Low
EPSS
Percentile
54.9%
Bugtraq ID:55370
CVE ID: CVE-2012-4378
MediaWiki是一套以GPL授权发行的Wiki引擎。
通过"uselang"参数传递给index.php的输入在通过某些工具返回给用户之前缺少过滤,可导致基于DOM的跨站脚本攻击,构建构建恶意WEB页,诱使用户解析,可获得敏感信息或劫持用户会话。
0
MediaWiki 1.x
厂商解决方案
MediaWiki 1.18.5或1.19.2已经修复此漏洞,建议用户下载使用:
http://wikipedia.sourceforge.net/
Related
cve
cve
CVE-2012-4378
2017-10-26 20:29:00
debiancve
debiancve
CVE-2012-4378
2017-10-26 20:29:00
cvelist
cvelist
CVE-2012-4378
2017-10-26 20:00:00
ubuntucve
ubuntucve
CVE-2012-4378
2017-10-26 00:00:00
prion
prion
Cross site scripting
2017-10-26 20:29:00
nvd
nvd
CVE-2012-4378
2017-10-26 20:29:00
openvas
openvas
MediaWiki Multiple Vulnerabilities (Aug 2012) - Windows
2017-11-08 00:00:00
MediaWiki Multiple Vulnerabilities (Aug 2012) - Linux
2017-11-08 00:00:00
FreeBSD Ports: mediawiki
2012-09-07 00:00:00
nessus
nessus
FreeBSD : mediawiki -- multiple vulnerabilities (7c0fecd6-f42f-11e1-b17b-000c2977ec30)
2012-09-04 00:00:00
MediaWiki < 1.18.5 / 1.19.2 Multiple Vulnerabilities
2012-09-27 00:00:00
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2012-08-27 00:00:00