CVE-2005-2396Cross-site Scripting in Mediawiki

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 30.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedJul 27
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/mediawiki< mediawiki 1.4.9 (bookworm)
Debianmediawiki/mediawiki< 1.4.9+3
NVDmediawiki/mediawiki31 versions+30

Patches

Patch: security.gentoo.orgPatch: www.securityfocus.comPatch: security.gentoo.org

🔴Vulnerability Details

2
GHSA
GHSA-34m5-x2xp-x8mh: Cross-site scripting (XSS) vulnerability in MediaWiki 12022-05-01
OSV
CVE-2005-2396: Cross-site scripting (XSS) vulnerability in MediaWiki 12005-07-27

📋Vendor Advisories

1
Debian
CVE-2005-2396: mediawiki - Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows r...2005
CVE-2005-2396 — Cross-site Scripting in Mediawiki | cvebase