CVE-2008-0460

EUVD-2008-0470
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
mediawikimediawiki
1.7.0
mediawikimediawiki
1.8.0
mediawikimediawiki
1.8.1
mediawikimediawiki
1.8.2
mediawikimediawiki
1.8.3
mediawikimediawiki
1.8.4
mediawikimediawiki
1.9.0
mediawikimediawiki
1.9.1
mediawikimediawiki
1.9.2
mediawikimediawiki
1.9.3
mediawikimediawiki
1.9.4
mediawikimediawiki
1.10.0
mediawikimediawiki
1.10.1
mediawikimediawiki
1.10.2
mediawikimediawiki
1.11
mediawikimediawiki
1.11.0rc1:rc1
mediawikimediawiki_botquery_ext
*
microsoftinternet_explorer
*
mediawikimediawiki
1.7.0
mediawikimediawiki_botquery_ext
*
microsoftinternet_explorer
*
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mediawiki
bookworm
1:1.39.7-1~deb12u1
fixed
bookworm (security)
1:1.39.10-1~deb12u1
fixed
bullseye
1:1.35.13-1+deb11u2
fixed
bullseye (security)
1:1.35.13-1+deb11u3
fixed
etch
not-affected
sid
1:1.39.10-1
fixed
trixie
1:1.39.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mediawiki
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html
http://secunia.com/advisories/28629
http://secunia.com/advisories/29266
http://www.securityfocus.com/bid/28137
http://www.vupen.com/english/advisories/2008/0280
https://exchange.xforce.ibmcloud.com/vulnerabilities/39901
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html
http://secunia.com/advisories/28629
http://secunia.com/advisories/29266
http://www.securityfocus.com/bid/28137
http://www.vupen.com/english/advisories/2008/0280
https://exchange.xforce.ibmcloud.com/vulnerabilities/39901
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html