Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2008-5250
HistoryDec 19, 2008 - 5:30 p.m.

CVE-2008-5250

2008-12-1917:30:03
CWE-79
mitre
web.nvd.nist.gov
38
cve-2008-5250
cross-site scripting
xss
mediawiki
vulnerability
internet explorer
svg uploads

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

Affected configurations

Nvd
Node
mediawikimediawikiMatch1.6.11
OR
mediawikimediawikiMatch1.12.0
OR
mediawikimediawikiMatch1.12.1
OR
mediawikimediawikiMatch1.13.0
OR
mediawikimediawikiMatch1.13.1
OR
mediawikimediawikiMatch1.13.2
VendorProductVersionCPE
mediawikimediawiki1.6.11cpe:2.3:a:mediawiki:mediawiki:1.6.11:*:*:*:*:*:*:*
mediawikimediawiki1.12.0cpe:2.3:a:mediawiki:mediawiki:1.12.0:*:*:*:*:*:*:*
mediawikimediawiki1.12.1cpe:2.3:a:mediawiki:mediawiki:1.12.1:*:*:*:*:*:*:*
mediawikimediawiki1.13.0cpe:2.3:a:mediawiki:mediawiki:1.13.0:*:*:*:*:*:*:*
mediawikimediawiki1.13.1cpe:2.3:a:mediawiki:mediawiki:1.13.1:*:*:*:*:*:*:*
mediawikimediawiki1.13.2cpe:2.3:a:mediawiki:mediawiki:1.13.2:*:*:*:*:*:*:*

Related

ubuntucve 1
cvelist 1
debiancve 1
nvd 1
prion 1
nessus 7
openvas 19
freebsd 1
debian 3
osv 1
fedora 7
ubuntucve
ubuntucve
CVE-2008-5250
2008-12-19 00:00:00
cvelist
cvelist
CVE-2008-5250
2008-12-19 17:00:00
debiancve
debiancve
CVE-2008-5250
2008-12-19 17:30:03
nvd
nvd
CVE-2008-5250
2008-12-19 17:30:03
prion
prion
Cross site scripting
2008-12-19 17:30:00
nessus
nessus
openSUSE Security Update : mediawiki (mediawiki-506)
2009-07-21 00:00:00
openSUSE 10 Security Update : mediawiki (mediawiki-5987)
2009-02-13 00:00:00
FreeBSD : mediawiki -- multiple vulnerabilities (61b07d71-ce0e-11dd-a721-0030843d3802)
2008-12-21 00:00:00
openvas
openvas
MediaWiki < 1.6.11, 1.12.x < 1.12.2, 1.13.x < 1.13.3 Multiple Vulnerabilities (Dec 2008)
2008-12-29 00:00:00
FreeBSD Ports: mediawiki
2008-12-23 00:00:00
FreeBSD Ports: mediawiki
2008-12-23 00:00:00
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2008-12-15 00:00:00
debian
debian
[SECURITY] [DSA 1901-1] New mediawiki1.7 packages fix several vulnerabilities
2009-10-05 04:08:58
[Backports-security-announce] Security Update for mediawiki
2009-03-07 21:52:35
[Backports-security-announce] Security Update for mediawiki
2009-03-07 21:52:25
osv
osv
mediawiki1.7 - several vulnerabilities
2009-10-05 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: mediawiki-1.13.3-42.fc10
2008-12-24 18:42:44
[SECURITY] Fedora 10 Update: mediawiki-1.15.1-48.fc10
2009-07-19 10:20:57
[SECURITY] Fedora 9 Update: mediawiki-1.13.3-42.fc9
2008-12-24 18:43:58

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON
Related for CVE-2008-5250
ubuntucve1cvelist1debiancve1nvd1prion1nessus7openvas19freebsd1debian3osv1fedora7