Vulnerability Name:

CVE-2007-1054 (CCN-32586)

Assigned:2007-02-19
Published:2007-02-19
Updated:2018-10-16
Summary:Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
Successful exploitation requires that "$wgUseAjax" is enabled
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Feb 19 2007 - 22:29:01 CST
MediaWiki Cross-site Scripting

Source: VIM
Type: Exploit
20070221 [unsure] MediaWiki Cross-site Scripting

Source: MITRE
Type: CNA
CVE-2007-1054

Source: MITRE
Type: CNA
CVE-2007-1055

Source: OSVDB
Type: UNKNOWN
32078

Source: CCN
Type: SA24211
MediaWiki AJAX UTF-7 Cross-Site Scripting

Source: SECUNIA
Type: UNKNOWN
24211

Source: SREASON
Type: UNKNOWN
2274

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=487921&group_id=34373

Source: CONFIRM
Type: UNKNOWN
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES

Source: MISC
Type: Exploit
http://www.bugsec.com/articles.php?Security=24

Source: CCN
Type: MediaWiki Web site
MediaWiki - MediaWiki

Source: CCN
Type: OSVDB ID: 32078
MediaWiki AJAX Support Module UTF-7 XSS

Source: CCN
Type: OSVDB ID: 37343
MediaWiki AJAX Features index.php rs Parameter XSS

Source: BUGTRAQ
Type: UNKNOWN
20070220 MediaWiki Cross-site Scripting

Source: VUPEN
Type: UNKNOWN
ADV-2007-0678

Source: XF
Type: UNKNOWN
mediawiki-index-xss(32586)

Source: XF
Type: UNKNOWN
mediawiki-index-xss(32586)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mediawiki:mediawiki:*:*:*:*:*:*:*:* (Version <= 1.8.2)

    • * Denotes that component is vulnerable
    BACK
    mediawiki mediawiki *