Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-7295
HistoryOct 07, 2014 - 12:00 a.m.

CVE-2014-7295

2014-10-0700:00:00
ubuntu.com
ubuntu.com
17

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

50.0%

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki
before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows
remote authenticated users to conduct cross-site scripting (XSS) attacks or
have unspecified other impact via crafted CSS, as demonstrated by modifying
MediaWiki:Common.css.

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

50.0%