Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.5
CVE Id CVE-2014-9475
Last Modified 17 Sep 2015 02:14:14
Published 16 Jan 2015 11:59:09
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-9475

Summary

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.

Vulnerable Systems

Application

  • Mediawiki 1.19.22

  • Mediawiki 1.20

  • Mediawiki 1.20.1

  • Mediawiki 1.20.2

  • Mediawiki 1.20.3

  • Mediawiki 1.20.4

  • Mediawiki 1.20.5

  • Mediawiki 1.20.6

  • Mediawiki 1.20.7

  • Mediawiki 1.20.8

  • Mediawiki 1.21

  • Mediawiki 1.21.1

  • Mediawiki 1.21.10

  • Mediawiki 1.21.11

  • Mediawiki 1.21.2

  • Mediawiki 1.21.3

  • Mediawiki 1.21.4

  • Mediawiki 1.21.5

  • Mediawiki 1.21.6

  • Mediawiki 1.21.7

  • Mediawiki 1.21.8

  • Mediawiki 1.21.9

  • Mediawiki 1.22.0

  • Mediawiki 1.22.1

  • Mediawiki 1.22.10

  • Mediawiki 1.22.11

  • Mediawiki 1.22.12

  • Mediawiki 1.22.13

  • Mediawiki 1.22.14

  • Mediawiki 1.22.2

  • Mediawiki 1.22.3

  • Mediawiki 1.22.4

  • Mediawiki 1.22.5

  • Mediawiki 1.22.6

  • Mediawiki 1.22.7

  • Mediawiki 1.22.8

  • Mediawiki 1.22.9

  • Mediawiki 1.23.0

  • Mediawiki 1.23.1

  • Mediawiki 1.23.2

  • Mediawiki 1.23.3

  • Mediawiki 1.23.4

  • Mediawiki 1.23.5

  • Mediawiki 1.23.6

  • Mediawiki 1.23.7

  • Mediawiki 1.24.0


References

MLIST - [MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23

MLIST - [oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23

MLIST - [oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23

DEBIAN - DSA-3110

MANDRIVA - MDVSA-2015:006


Last Updated: 27 May 2016 11:07:33