CVE-2014-9507 — Cross-site Scripting in Mediawiki

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

2.6LOWNVD

EPSS

0.2%

top 55.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedJan 4

Latest updateMay 17

Description

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶NVDmediawiki/mediawiki1.19.21+41

▶debiandebian/mediawiki

Patches

Patch: lists.wikimedia.org ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-7h76-vwxh-8g2x: MediaWiki 1↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2014-9507: mediawiki - MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgConte...↗2014

▶

💬Community

Bugzilla

CVE-2014-9507 CVE-2014-9277 mediawiki: security issues fixed in the 1.23.7, 1.22.14, and 1.19.22 releases↗2014-12-03

▶