Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1582
Last Modified: 10 Sep 2012 01:18:10
Published: 09 Sep 2012 05:55:06
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1582

Summary

Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.

Vulnerable Systems

Application

  • Mediawiki 1.17

  • Mediawiki 1.17.0

  • Mediawiki 1.17.1

  • Mediawiki 1.17.2

  • Mediawiki 1.18

  • Mediawiki 1.18.0

  • Mediawiki 1.18.1


References

CONFIRM - https://bugzilla.wikimedia.org/show_bug.cgi?id=35315

XF - mediawiki-wikitext-xss(74288)

BID - 52689

MLIST - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2

MLIST - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2

SECUNIA - 48504

OSVDB - 80363

MLIST - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2

MLIST - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3


Last Updated: 27 May 2016 11:00:32