CVE-2007-1055

Sažetak

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.

Reference

http://osvdb.org/37343
http://securityreason.com/securityalert/2274
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES
http://www.bugsec.com/articles.php?Security=24
http://www.securityfocus.com/archive/1/460596/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32586

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 18:08

Objavljeno

21-02-2007 - 23:28