CVE-2011-0003 — Improper Input Validation in Mediawiki

CWE-20 — Improper Input Validation9 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

0.9%

top 23.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedJan 11

Latest updateMay 3

Description

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.15.5-2 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.15.5-2+3

▶NVDmediawiki/mediawiki1.16.0+110

Patches

Patch: lists.wikimedia.org ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-w85r-wgrm-jwhr: MediaWiki before 1↗2022-05-03

▶

OSV

CVE-2011-0003: MediaWiki before 1↗2011-01-11

▶

📋Vendor Advisories

Debian

CVE-2011-0003: mediawiki - MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows ...↗2011

▶

💬Community

Bugzilla

CVE-2011-0003 mediawiki: clickjacking vulnerability↗2011-01-04

▶

Bugzilla

CVE-2011-0003 mediawiki: clickjacking vulnerability [epel-5]↗2011-01-04

▶

Bugzilla

CVE-2011-0003 mediawiki: clickjacking vulnerability [fedora-all]↗2011-01-04

▶