CVE-2011-0047 — Cross-site Scripting in Mediawiki

CWE-79 — Cross-site Scripting10 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedFeb 4

Latest updateMay 3

Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.15.5-3 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.15.5-3+3

▶NVDmediawiki/mediawiki1.16.1+110

Patches

Patch: lists.wikimedia.org ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-q8c6-mwr8-9h23: Cross-site scripting (XSS) vulnerability in MediaWiki before 1↗2022-05-03

▶

OSV

CVE-2011-0047: Cross-site scripting (XSS) vulnerability in MediaWiki before 1↗2011-02-04

▶

📋Vendor Advisories

Debian

CVE-2011-0047: mediawiki - Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remot...↗2011

▶

💬Community

Bugzilla

CVE-2011-0047 CVE-2011-0537 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2↗2011-02-01

▶

Bugzilla

CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [epel-5]↗2011-02-01

▶

Bugzilla

CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [epel-4]↗2011-02-01

▶

Bugzilla

CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [epel-all]↗2011-02-01

▶

Bugzilla

CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [epel-all]↗2011-02-01

▶