Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9507

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2014-9507
Last Modified 13 Jan 2015 09:59:02
Published 04 Jan 2015 04:59:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2014-9507

Summary

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.

Vulnerable Systems

Application

  • Mediawiki 1.19.21

  • Mediawiki 1.20

  • Mediawiki 1.20.1

  • Mediawiki 1.20.2

  • Mediawiki 1.20.3

  • Mediawiki 1.20.4

  • Mediawiki 1.20.5

  • Mediawiki 1.20.6

  • Mediawiki 1.20.7

  • Mediawiki 1.20.8

  • Mediawiki 1.21

  • Mediawiki 1.21.1

  • Mediawiki 1.21.10

  • Mediawiki 1.21.11

  • Mediawiki 1.21.2

  • Mediawiki 1.21.3

  • Mediawiki 1.21.4

  • Mediawiki 1.21.5

  • Mediawiki 1.21.6

  • Mediawiki 1.21.7

  • Mediawiki 1.21.8

  • Mediawiki 1.21.9

  • Mediawiki 1.22.0

  • Mediawiki 1.22.1

  • Mediawiki 1.22.10

  • Mediawiki 1.22.11

  • Mediawiki 1.22.12

  • Mediawiki 1.22.13

  • Mediawiki 1.22.2

  • Mediawiki 1.22.3

  • Mediawiki 1.22.4

  • Mediawiki 1.22.5

  • Mediawiki 1.22.6

  • Mediawiki 1.22.7

  • Mediawiki 1.22.8

  • Mediawiki 1.23.0

  • Mediawiki 1.23.1

  • Mediawiki 1.23.2

  • Mediawiki 1.23.3

  • Mediawiki 1.23.4

  • Mediawiki 1.23.5

  • Mediawiki 1.23.6


References

CONFIRM - https://phabricator.wikimedia.org/T72901

MLIST - [MediaWiki-announce] 20141127 MediaWiki Security and Maintenance Releases: 1.23.7, 1.22.14 and 1.19.22


Last Updated: 27 May 2016 11:07:26