CVE-2012-4377 — Cross-site Scripting in Mediawiki

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

1.0%

top 22.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedOct 26

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.19.2-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.19.2-1+3

▶NVDmediawiki/mediawiki1.18.4+2

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rcq7-gcq5-jx2v: Cross-site scripting (XSS) vulnerability in MediaWiki before 1↗2022-05-17

▶

OSV

CVE-2012-4377: Cross-site scripting (XSS) vulnerability in MediaWiki before 1↗2017-10-26

▶

📋Vendor Advisories

Debian

CVE-2012-4377: mediawiki - Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x b...↗2012

▶

💬Community

Bugzilla

CVE-2012-4377 CVE-2012-4378 CVE-2012-4379 CVE-2012-4380 CVE-2012-4381 mediawiki various flaws [fedora-all]↗2012-08-31

▶

Bugzilla

CVE-2012-4377 mediawiki: Stored XSS via a File::link to a non-existing image↗2012-08-31

▶