CVE-2005-3165 — Cross-site Scripting in Mediawiki

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 49.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedOct 6

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) tags or (2) Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1.4.9 (bookworm)

▶Debianmediawiki/mediawiki< 1.4.9+3

▶NVDmediawiki/mediawiki13 versions+12

Patches

Patch: secunia.com ↗Patch: sourceforge.net ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-6gx9-22p7-84wm: Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1↗2022-05-01

▶

OSV

CVE-2005-3165: Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1↗2005-10-06

▶

📋Vendor Advisories

Debian

CVE-2005-3165: mediawiki - Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 al...↗2005

▶