Wikimedia mediawiki-extensions-I18nTags Unlike Parser I18nTags_body.php 跨网站脚本

条目历史差异jsonxmlCTI

在Wikimedia mediawiki-extensions-I18nTags 中曾发现分类为棘手的漏洞。此漏洞会影响某些未知进程文件I18nTags_body.php的组件Unlike Parser。手动调试的不合法输入可导致跨网站脚本。漏洞的CWE定义是 CWE-79。此漏洞的脆弱性 2023-01-05公示人身份b4bc3cbbb099eab50cf2b544cf577116f1867b94、所公布。分享公告的网址是github.com。该漏洞被标识为CVE-2018-25065，可以发起远程攻击，有技术细节可用。没有可利用漏洞。当前漏洞利用价值为美元大约是 $0-$5k。 MITRE ATT&CK项目使用攻击技术T1059.007来解决该问题。它被宣布为未定义。我们估计的零日攻击价值约为$0-$5k。补丁名称为b4bc3cbbb099eab50cf2b544cf577116f1867b94。错误修复程序下载地址为github.com，建议采用一个补丁来修正此问题。该漏洞被披露后，远在此前发表过可能的缓解措施。

字段	2023-01-05 10時22分	2023-01-28 14時59分	2023-01-28 15時04分
vendor	Wikimedia	Wikimedia	Wikimedia
name	mediawiki-extensions-I18nTags	mediawiki-extensions-I18nTags	mediawiki-extensions-I18nTags
component	Unlike Parser	Unlike Parser	Unlike Parser
file	I18nTags_body.php	I18nTags_body.php	I18nTags_body.php
cwe	79 (跨网站脚本)	79 (跨网站脚本)	79 (跨网站脚本)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	b4bc3cbbb099eab50cf2b544cf577116f1867b94	b4bc3cbbb099eab50cf2b544cf577116f1867b94	b4bc3cbbb099eab50cf2b544cf577116f1867b94
url	https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94	https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94	https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94
name	补丁	补丁	补丁
patch_name	b4bc3cbbb099eab50cf2b544cf577116f1867b94	b4bc3cbbb099eab50cf2b544cf577116f1867b94	b4bc3cbbb099eab50cf2b544cf577116f1867b94
patch_url	https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94	https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94	https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94
advisoryquote	Unlike parser functions, tag functions' output is unescaped by default.	Unlike parser functions, tag functions' output is unescaped by default.	Unlike parser functions, tag functions' output is unescaped by default.
cve	CVE-2018-25065	CVE-2018-25065	CVE-2018-25065
responsible	VulDB	VulDB	VulDB
date	1672873200 (2023-01-05)	1672873200 (2023-01-05)	1672873200 (2023-01-05)
type	Content Management System	Content Management System	Content Management System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.4
cvss3_meta_tempscore	3.4	3.4	4.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1672873200 (2023-01-05)	1672873200 (2023-01-05)
cve_nvd_summary		A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability.	A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			4.0
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			3.5

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!