Lucene search

Veracode Vulnerability DatabaseVERACODE:45018

HistoryJan 13, 2024 - 2:39 a.m.

Cross Site Scripting(XSS)

2024-01-1302:39:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

mediawiki

load special:log/rights

administrator account

url manipulation

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

mediawiki:sid is vulnerable to cross site scripting. The vulnerability due to Load Special:log/rights script by using an administrator account. it allows an attacker can change URL ends with &uselang;=x-xss which leads to XSS.

References

lists.debian.org/debian-lts-announce/2024/04/msg00018.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/

phabricator.wikimedia.org/T347726

security-tracker.debian.org/tracker/CVE-2023-51704

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

Related for VERACODE:45018