Vulnerability Name:

CVE-2008-4408 (CCN-45632)

Assigned:2008-10-02
Published:2008-10-02
Updated:2017-08-08
Summary:Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-4408

Source: CCN
Type: MediaWiki-announce Mailing List, Thu Oct 2 16:03:25 UTC 2008
MediaWiki 1.13.2, 1.12.1 security update

Source: MLIST
Type: UNKNOWN
[MediaWiki-announce] 20081002 MediaWiki 1.13.2, 1.12.1 security update

Source: MLIST
Type: UNKNOWN
[oss-security] 20081002 CVE request: XSS in mediawiki 1.13.1 and 1.12.0

Source: SECUNIA
Type: UNKNOWN
32128

Source: CCN
Type: SA32131
MediaWiki "useskin" Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: UNKNOWN
32131

Source: CONFIRM
Type: UNKNOWN
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES

Source: CCN
Type: MediaWiki SVN Repository
MediaWiki release notes, Changes since 1.13.1

Source: CONFIRM
Type: UNKNOWN
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES

Source: CCN
Type: MediaWiki Web site
MediaWiki

Source: CCN
Type: OSVDB ID: 48786
MediaWiki userskin Parameter XSS

Source: CCN
Type: OSVDB ID: 48787
MediaWiki LocalSettings.php wgGroupPermissions Variable Manipulation Restriction Manipulation

Source: BID
Type: UNKNOWN
31540

Source: CCN
Type: BID-31540
MediaWiki 'useskin' Cross-Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-2737

Source: XF
Type: UNKNOWN
mediawiki-useskin-xss(45632)

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-8639

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-8678

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    mediawiki mediawiki 1.12.0
    mediawiki mediawiki 1.13.1