Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5250

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-5250
Last Modified 14 Oct 2009 01:17:08
Published 19 Dec 2008 12:30:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-5250

Summary

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

Vulnerable Systems

Application

  • Mediawiki 1.12.0

  • Mediawiki 1.12.1

  • Mediawiki 1.13.0

  • Mediawiki 1.13.1

  • Mediawiki 1.13.2

  • Mediawiki 1.6.11


References

SECUNIA - 33133

MLIST - [mediawiki-announce] 20081215 MediaWiki 1.13.3, 1.12.2, 1.6.11 security update

FEDORA - FEDORA-2008-11802

FEDORA - FEDORA-2008-11688

BID - 32844

DEBIAN - DSA-1901

SECUNIA - 33349

SUSE - SUSE-SR:2009:004


Last Updated: 27 May 2016 10:48:46