A vulnerability was found in MediaWiki (Content Management System). It has been declared as problematic. This vulnerability affects an unknown part. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-80. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. As an impact it is known to affect integrity. CVE summarizes:

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

The weakness was disclosed 10/06/2005 (Website). The advisory is shared for download at sourceforge.net. This vulnerability was named CVE-2005-3165 since 10/06/2005. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1059.007.

Upgrading to version 1.4.9 eliminates this vulnerability.

The entries 26514 and 26513 are pretty similar.

Productinfo

Type

• Content Management System

Name

• MediaWiki

Version

• 1.4 Beta1
• 1.4 Beta2
• 1.4 Beta3
• 1.4 Beta4
• 1.4 Beta5
• 1.4 Beta6
• 1.4.1
• 1.4.2
• 1.4.3
• 1.4.5
• 1.4.6
• 1.4.7
• 1.4.8

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion