Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2611

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2611
Last Modified 07 Mar 2011 09:36:35
Published 25 May 2006 09:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2611

Summary

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.

Vulnerable Systems

Application

  • Mediawiki 1.6.5

  • Mediawiki 1.6.5 R14348


References

CONFIRM - http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349

MISC - http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/Sanitizer.php?r1=14349&r2=14348&pathrev=14349

SECUNIA - 20189

MLIST - [Wikitech-l] 20060523 MediaWiki 1.6.5 JavaScript Execution Vulnerability # 2

MISC - http://bugzilla.wikimedia.org/show_bug.cgi?id=6055

VUPEN - ADV-2006-1926

MISC - http://nickj.org/MediaWiki

XF - mediawiki-unspecified-handler-xss(26646)

OSVDB - 25713


Last Updated: 27 May 2016 10:42:40