CVE-2007-0177

Sažetak

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Reference

http://osvdb.org/31525
http://secunia.com/advisories/23647
http://secunia.com/advisories/24889
http://sourceforge.net/forum/forum.php?forum_id=652721
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.securityfocus.com/bid/21956
http://www.vupen.com/english/advisories/2007/0096
https://exchange.xforce.ibmcloud.com/vulnerabilities/31359

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2017 - 01:30

Objavljeno

11-01-2007 - 00:28