Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-5242
HistoryAug 22, 2014 - 12:00 a.m.

CVE-2014-5242

2014-08-2200:00:00
ubuntu.com
ubuntu.com
13

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

73.1%

Cross-site scripting (XSS) vulnerability in
mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and
1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script
or HTML via vectors involving the multipageimagenavbox class in conjunction
with an action=raw value.

Notes

Author Note
seth-arnold Introduced in 1.22, thus none of our packages are affected

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

73.1%