CVE-2010-1189 — Improper Input Validation in Mediawiki

CWE-20 — Improper Input Validation8 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 40.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedMar 31

Latest updateMay 2

Description

MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.15.2-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.15.2-1+3

▶NVDmediawiki/mediawiki1.15.1+72

Patches

Patch: lists.wikimedia.org ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-cqgp-cp8g-949g: MediaWiki before 1↗2022-05-02

▶

OSV

CVE-2010-1189: MediaWiki before 1↗2010-03-31

▶

📋Vendor Advisories

Red Hat

MediaWiki: Two security fixes in v1.15.2↗2010-03-08

▶

Debian

CVE-2010-1189: mediawiki - MediaWiki before 1.15.2 does not prevent wiki editors from linking to images fro...↗2010

▶

💬Community

Bugzilla

CVE-2010-1150 MediaWiki v.1.15.3: Login CSRF↗2010-04-08

▶

Bugzilla

CVE-2010-1189 CVE-2010-1190 MediaWiki: Two security fixes in v1.15.2↗2010-03-09

▶

Bugzilla

CVE-2009-1189 dbus: invalid fix for CVE-2008-3834↗2009-04-20

▶