CVE-2008-0460

Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
mediawikimediawiki
1.7.0
mediawikimediawiki
1.8.0
mediawikimediawiki
1.8.1
mediawikimediawiki
1.8.2
mediawikimediawiki
1.8.3
mediawikimediawiki
1.8.4
mediawikimediawiki
1.9.0
mediawikimediawiki
1.9.1
mediawikimediawiki
1.9.2
mediawikimediawiki
1.9.3
mediawikimediawiki
1.9.4
mediawikimediawiki
1.10.0
mediawikimediawiki
1.10.1
mediawikimediawiki
1.10.2
mediawikimediawiki
1.11
mediawikimediawiki
1.11.0rc1
mediawikimediawiki_botquery_ext
*
microsoftinternet_explorer
*
mediawikimediawiki
1.7.0
mediawikimediawiki_botquery_ext
*
microsoftinternet_explorer
*
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mediawiki
bullseye
1:1.35.13-1+deb11u2
fixed
etch
not-affected
bullseye (security)
1:1.35.13-1+deb11u3
fixed
bookworm
1:1.39.7-1~deb12u1
fixed
bookworm (security)
1:1.39.10-1~deb12u1
fixed
sid
1:1.39.10-1
fixed
trixie
1:1.39.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mediawiki
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
ignored
feisty
ignored
edgy
ignored
dapper
ignored