CVE-2006-2895 — Cross-site Scripting in Mediawiki

5 documents4 sources

Severity

2.6LOWNVD

EPSS

0.6%

top 29.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedJun 7

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/mediawiki

▶NVDmediawiki/mediawiki8 versions+7

Patches

Patch: mail.wikipedia.org ↗Patch: secunia.com ↗Patch: svn.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-5w75-96c9-ph5q: Cross-site scripting (XSS) vulnerability in MediaWiki 1↗2022-05-01

▶

📋Vendor Advisories

Red Hat

BSD compress LZW decoder buffer overflow↗2011-08-10

▶

Red Hat

David Koblas' GIF decoder LZW decoder buffer overflow↗2011-08-10

▶

Debian

CVE-2006-2895: mediawiki - Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions befor...↗2006

▶