Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0177: Code Injection in Mediawiki

CWE-94: Code Injection | 10 documents | 6 sources
Severity
6.8 MEDIUM (NVD)
NVD 5.1 | OSV 5.1
EPSS
22.2%
top 4.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jan 11
Latest update: May 1

Description

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4

Affected Packages (3 packages)

debian | debian/mediawiki | < mediawiki 1.7.1-6 (bookworm) | +1
Debian | mediawiki/mediawiki | < 1.7.1-6 | +7
NVD | mediawiki/mediawiki | 1.8.2 | +14

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-rwf8-mgf9-q3wr: Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1 | 2022-05-01
GHSA | GHSA-x8v9-9fhc-8v9r: Cross-site scripting (XSS) vulnerability in the AJAX features in index | 2022-05-01
OSV | CVE-2007-1055: Cross-site scripting (XSS) vulnerability in the AJAX features in index | 2007-02-21
OSV | CVE-2007-0177: Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1 | 2007-01-11

💥 Exploits & PoCs (1)

Exploit-DB | MediaWiki 1.x - 'AJAX index.php' Cross-Site Scripting | 2007-01-09

📋 Vendor Advisories (2)

Debian | CVE-2007-0177: mediawiki - Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before ... | 2007
Debian | CVE-2007-1055: mediawiki - Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in Me... | 2007

💬 Community (1)

Bugzilla | CVE-2007-0177: Security vulnerability in MediaWiki | 2007-01-09
CVE-2007-0177 — Code Injection in Debian Mediawiki | cvebase