CVE-2012-1582
09.09.2012, 21:55
Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.
| Vendor | Product | Version |
|---|---|---|
| mediawiki | mediawiki | 1.17 |
| mediawiki | mediawiki | 1.17:beta_1 |
| mediawiki | mediawiki | 1.17.0 |
| mediawiki | mediawiki | 1.17.0:rc1 |
| mediawiki | mediawiki | 1.17.1 |
| mediawiki | mediawiki | 1.17.2 |
| mediawiki | mediawiki | 1.18 |
| mediawiki | mediawiki | 1.18:beta_1 |
| mediawiki | mediawiki | 1.18.0 |
| mediawiki | mediawiki | 1.18.0:rc1 |
| mediawiki | mediawiki | 1.18.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References