Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-9276
HistoryJan 04, 2015 - 12:00 a.m.

CVE-2014-9276

2015-01-0400:00:00
ubuntu.com
ubuntu.com
20

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

49.7%

Cross-site request forgery (CSRF) vulnerability in the
Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through
1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to
true, allows remote attackers to hijack the authentication of users with
edit permissions for requests that cross-site scripting (XSS) attacks via
the wpInput parameter, which is not properly handled in the preview.

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

49.7%