Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4501

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4501
Last Modified 07 Mar 2011 09:28:24
Published 22 Dec 2005 04:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4501

Summary

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.

Vulnerable Systems

Application

  • Mediawiki 1.1.0

  • Mediawiki 1.2.0

  • Mediawiki 1.2.1

  • Mediawiki 1.2.2

  • Mediawiki 1.2.3

  • Mediawiki 1.2.4

  • Mediawiki 1.2.5

  • Mediawiki 1.2.6

  • Mediawiki 1.3

  • Mediawiki 1.3.0

  • Mediawiki 1.3.1

  • Mediawiki 1.3.10

  • Mediawiki 1.3.11

  • Mediawiki 1.3.12

  • Mediawiki 1.3.13

  • Mediawiki 1.3.14

  • Mediawiki 1.3.15

  • Mediawiki 1.3.2

  • Mediawiki 1.3.3

  • Mediawiki 1.3.4

  • Mediawiki 1.3.5

  • Mediawiki 1.3.6

  • Mediawiki 1.3.7

  • Mediawiki 1.3.8

  • Mediawiki 1.3.9

  • Mediawiki 1.4 Beta1

  • Mediawiki 1.4 Beta2

  • Mediawiki 1.4 Beta3

  • Mediawiki 1.4 Beta4

  • Mediawiki 1.4 Beta5

  • Mediawiki 1.4 Beta6

  • Mediawiki 1.4.1

  • Mediawiki 1.4.10

  • Mediawiki 1.4.2

  • Mediawiki 1.4.3

  • Mediawiki 1.4.5

  • Mediawiki 1.4.6

  • Mediawiki 1.4.7

  • Mediawiki 1.4.8

  • Mediawiki 1.4.9

  • Mediawiki 1.5 Alpha1

  • Mediawiki 1.5 Alpha2

  • Mediawiki 1.5 Beta1

  • Mediawiki 1.5 Beta2

  • Mediawiki 1.5.3


References

BID - 16032

CONFIRM - http://www.mediawiki.org/wiki/Download

SECUNIA - 18219

VUPEN - ADV-2005-3059

XF - mediawiki-placeholder-bypass-security(23882)

SECUNIA - 18717

SUSE - SUSE-SR:2006:003


Last Updated: 27 May 2016 10:41:19