CVE-2005-3167 — Cross-site Scripting in Mediawiki

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 35.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedOct 6

Latest updateMay 1

Description

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1.4.11-1 (bookworm)

▶Debianmediawiki/mediawiki< 1.4.11-1+3

▶NVDmediawiki/mediawiki15 versions+14

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-pxm9-3wx9-3q85: Incomplete blacklist vulnerability in MediaWiki before 1↗2022-05-01

▶

OSV

CVE-2005-3167: Incomplete blacklist vulnerability in MediaWiki before 1↗2005-10-06

▶

📋Vendor Advisories

Debian

CVE-2005-3167: mediawiki - Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly ...↗2005

▶