CVE-2015-6729 — Cross-site Scripting in Mediawiki

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 48.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedSep 1

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmediawiki/mediawiki1.23.9+5

▶debiandebian/mediawiki

🔴Vulnerability Details

GHSA

GHSA-96wq-382g-99vw: Cross-site scripting (XSS) vulnerability in thumb↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2015-6729: mediawiki - Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.1...↗2015

▶

💬Community

Bugzilla

CVE-2013-7444 CVE-2015-6737 CVE-2015-6736 CVE-2015-6727 CVE-2015-6733 CVE-2015-6732 CVE-2015-6731 CVE-2015-6730 CVE-2015-6728 CVE-2015-6729 CVE-2015-6735 CVE-2015-6734 mediawiki: multiple security fix↗2015-08-13

▶