CVE-2007-1054 — Cross-site Scripting in Mediawiki

4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

4.8%

top 10.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedFeb 21

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1.7.1-9 (bookworm)

▶Debianmediawiki/mediawiki< 1.7.1-9+3

▶NVDmediawiki/mediawiki1.8.2

🔴Vulnerability Details

GHSA

GHSA-5hm7-53jc-8rg6: Cross-site scripting (XSS) vulnerability in the AJAX features in index↗2022-05-01

▶

OSV

CVE-2007-1054: Cross-site scripting (XSS) vulnerability in the AJAX features in index↗2007-02-21

▶

📋Vendor Advisories

Debian

CVE-2007-1054: mediawiki - Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in Me...↗2007

▶