CVE-2011-1765 in MediaWikiinfo

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

04/19/2011

Disclosure

05/23/2011

Moderation

VulDB entry created

Entries

1: VDB-57505

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

4.3

EPSS

0.00329

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1765
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1765
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1765/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!