CVE-2004-2185: Cross-site Scripting in Mediawiki

4 documents, 4 sources
Severity
6.8 MEDIUM (NVD)
EPSS
2.0%
top 16.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 31
Latest update: Apr 29

Description

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

debian: debian/mediawiki < mediawiki 1.4.9 (bookworm)
Debian: mediawiki/mediawiki < 1.4.9+3

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-28gv-3m3r-c6m8: Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1 (2022-04-29)
OSV
CVE-2004-2185: Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1 (2004-12-31)

📋 Vendor Advisories

1
Debian
CVE-2004-2185: mediawiki - Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow rem... (2004)
CVE-2004-2185 — Cross-site Scripting in Mediawiki | cvebase