| Vulnerability Name: | CVE-2005-2215 (CCN-21491) | ||||||||
| Assigned: | 2005-07-12 | ||||||||
| Published: | 2005-07-12 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Wed Jul 20 2005 - 02:35:57 CDT [ GLSA 200507-18 ] MediaWiki: Cross-site scripting vulnerability Source: MITRE Type: CNA CVE-2005-2215 Source: MITRE Type: CNA CVE-2005-2396 Source: CCN Type: SA15950 MediaWiki Move Template Cross-Site Scripting Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 15950 Source: CONFIRM Type: Patch http://sourceforge.net/project/shownotes.php?release_id=340290 Source: CCN Type: SourceForge.net Project: MediaWiki: Release Notes Source: CCN Type: MediaWiki development Home page MediaWiki development Source: CCN Type: GLSA-200507-18 MediaWiki: Cross-site scripting vulnerability Source: SUSE Type: UNKNOWN SUSE-SR:2005:019 Source: CCN Type: OSVDB ID: 17763 MediaWiki Page Move Template XSS Source: BID Type: Patch 14181 Source: CCN Type: BID-14181 MediaWiki Page Move Cross-Site Scripting Vulnerability Source: CCN Type: BID-14327 MediaWiki Unspecified Remote Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN mediawiki-page-move-xss(21491) Source: SUSE Type: SUSE-SR:2005:019 SUSE Security Summary Report | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||