CVE-2008-5249Cross-site Scripting in Mediawiki

CWE-79Cross-site Scripting6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 36.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedDec 19
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/mediawiki< mediawiki 1:1.13.3-1 (bookworm)
Debianmediawiki/mediawiki< 1:1.13.3-1+3
NVDmediawiki/mediawiki1.13.0, 1.13.1, 1.13.2+2

Patches

Patch: lists.wikimedia.orgPatch: lists.wikimedia.org

🔴Vulnerability Details

2
GHSA
GHSA-jq48-2m27-c2mr: Cross-site scripting (XSS) vulnerability in MediaWiki 12022-05-17
OSV
CVE-2008-5249: Cross-site scripting (XSS) vulnerability in MediaWiki 12008-12-19

📋Vendor Advisories

1
Debian
CVE-2008-5249: mediawiki - Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allo...2008

📐Framework References

1
CWE
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

💬Community

1
Bugzilla
mediawiki: multiple XSS and CSRF issues (CVE-2008-5249, CVE-2008-5250, CVE-2008-5252, CVE-2008-5687, CVE-2008-5688)2008-12-16
CVE-2008-5249 — Cross-site Scripting in Mediawiki | cvebase