CVE-2014-9476 — Mediawiki vulnerability
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 27.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 16
Latest updateMay 17
Description
MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."
CVSS vector
AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9
Affected Packages2 packages
🔴Vulnerability Details
1📋Vendor Advisories
1Debian▶
CVE-2014-9476: mediawiki - MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 al...↗2014
💬Community
1Bugzilla▶
CVE-2014-9475 CVE-2014-9476 CVE-2014-9477 CVE-2014-9478 CVE-2014-9479 CVE-2014-9480 CVE-2014-9481 CVE-2014-9487 mediawiki: multiple vulnerabilities↗2014-12-18