CVE-2008-1318 — Sensitive Information Exposure in Mediawiki

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedMar 13

Latest updateMay 1

Description

Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.11.2-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.11.2-1+3

▶NVDmediawiki/mediawiki1.11, 1.11.1+1

Patches

Patch: lists.wikimedia.org ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-g7g8-7375-ffc7: Unspecified vulnerability in MediaWiki 1↗2022-05-01

▶

OSV

CVE-2008-1318: Unspecified vulnerability in MediaWiki 1↗2008-03-13

▶

📋Vendor Advisories

Debian

CVE-2008-1318: mediawiki - Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attacker...↗2008

▶

Red Hat

namazu XSS flaw↗

▶