CVE-2004-2152Cross-site Scripting in Mediawiki

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 35.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedDec 31
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/mediawiki< mediawiki 1.4.9 (bookworm)
Debianmediawiki/mediawiki< 1.4.9+3
NVDmediawiki/mediawiki13 versions+12

Patches

Patch: secunia.comPatch: sourceforge.netPatch: www.osvdb.org

🔴Vulnerability Details

2
GHSA
GHSA-7xh4-qggh-f88q: Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 12022-04-29
OSV
CVE-2004-2152: Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 12004-12-31

📋Vendor Advisories

1
Debian
CVE-2004-2152: mediawiki - Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki...2004
CVE-2004-2152 — Cross-site Scripting in Mediawiki | cvebase