CVE-2010-2788 in MediaWiki
Summary
by MITRE
Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
Analysis
by VulDB Data Team • 11/05/2021
The CVE-2010-2788 vulnerability represents a critical cross-site scripting flaw in MediaWiki versions prior to 1.15.5 that specifically targets the profileinfo.php script when the wgEnableProfileInfo configuration option is active. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, which is one of the most prevalent and dangerous web application security flaws identified by the CWE database. The issue arises from insufficient input validation and output encoding mechanisms within the MediaWiki platform's profile information handling functionality.
The technical flaw manifests when the filter parameter in profileinfo.php fails to properly sanitize user-supplied input before rendering it within the web page context. This allows malicious actors to inject arbitrary HTML or JavaScript code that is executed in the browsers of other users who view the affected profile information. The vulnerability is particularly concerning because it leverages the wgEnableProfileInfo setting, which is often enabled in collaborative environments where users expect to share detailed profile information. When exploited, the malicious code runs with the privileges of the victim user, potentially leading to session hijacking, credential theft, or redirection to malicious sites.
The operational impact of this vulnerability extends beyond simple script injection, as it can be exploited to compromise the entire user session within the MediaWiki environment. Attackers can craft malicious URLs that, when clicked by unsuspecting users, execute scripts that steal cookies, modify page content, or redirect users to phishing sites. This represents a significant threat to collaborative platforms where users frequently interact with profile information and where the wgEnableProfileInfo feature is commonly enabled. The vulnerability is particularly dangerous in environments where MediaWiki serves as a corporate knowledge base or collaborative platform where sensitive information is shared.
Mitigation strategies for CVE-2010-2788 should prioritize immediate patching of MediaWiki installations to version 1.15.5 or later, which contains the necessary input validation and output encoding fixes. Organizations should also implement proper input sanitization at multiple layers, including validating and escaping all user-supplied parameters before they are processed or displayed. The ATT&CK framework categorizes this vulnerability under T1566 - Phishing and T1059 - Command and Scripting Interpreter, highlighting the need for comprehensive security controls. Additional protective measures include implementing Content Security Policy headers, disabling unnecessary profile information features when not required, and conducting regular security audits of web applications. Network monitoring should be enhanced to detect suspicious parameter patterns in URL requests that may indicate attempted exploitation of this vulnerability, as the attack vector relies on manipulating the filter parameter in the profileinfo.php script.
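The parameter monitoring suggested above, as an added example that is neither VulDB's nor MediaWiki's code: a Python scan over constructed access-log lines that flags requests to profileinfo.php whose filter parameter carries markup or script fragments. The combined log format, the sample addresses and the legitimate "Parser" filter value are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed Apache/nginx combined-format request line; adjust to the server's LogFormat.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup or script fragments that have no place in a profiling filter string.
SUSPICIOUS = re.compile(r'<|>|javascript:|on\w+\s*=|&#', re.IGNORECASE)


def suspicious_filter(target):
    """Return the decoded filter value when the request targets profileinfo.php
    and its filter parameter contains markup; otherwise return None."""
    parts = urlsplit(target)
    if parts.path.rsplit('/', 1)[-1] != 'profileinfo.php':
        return None
    # parse_qs percent-decodes once; unquote again so double-encoded values are caught.
    for value in parse_qs(parts.query, keep_blank_values=True).get('filter', []):
        decoded = unquote(value)
        if SUSPICIOUS.search(decoded):
            return decoded
    return None


def scan_log(lines):
    """Yield (client ip, timestamp, decoded filter) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        hit = suspicious_filter(m['target'])
        if hit is not None:
            hits.append((m['ip'], m['ts'], hit))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Nov/2021:10:00:01 +0000] "GET /profileinfo.php?filter=Parser HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Nov/2021:10:00:02 +0000] "GET /profileinfo.php?filter=%3Cscript%3E%3C%2Fscript%3E HTTP/1.1" 200 5200',
    '203.0.113.7 - - [05/Nov/2021:10:00:03 +0000] "GET /index.php?title=Main_Page HTTP/1.1" 200 9000',
]

if __name__ == '__main__':
    for ip, ts, value in scan_log(SAMPLE_LOG):
        print(f'{ts} {ip} suspicious filter value: {value!r}')
```

Only the second constructed line is reported; the plain "Parser" filter and the index.php request pass unflagged.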