vulnerability
MediaWiki: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2012-4378)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Oct 26, 2017 | Oct 23, 2019 | May 16, 2022 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Oct 26, 2017
Added
Oct 23, 2019
Modified
May 16, 2022
Description
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.
Solution
mediawiki-upgrade-latest
References
- CVE-2012-4378
- https://attackerkb.com/topics/CVE-2012-4378
- URL-http://www.openwall.com/lists/oss-security/2012/08/31/10
- URL-http://www.openwall.com/lists/oss-security/2012/08/31/6
- URL-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=853417
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html
- URL-https://phabricator.wikimedia.org/T39587
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.