Lucene search

[email protected]CVE-2015-6737

HistorySep 01, 2015 - 2:59 p.m.

CVE-2015-6737

2015-09-0114:59:15

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-6737

cross-site scripting

xss

vulnerability

mediawiki

widgets extension

nvd

base64 encoded content

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.

Affected configurations

NVD

Node

widgets_projectwidgetsMatch-mediawiki

CPENameOperatorVersion
widgets_project:widgetswidgets project widgetseq-

CPE	Name	Operator	Version
widgets_project:widgets	widgets project widgets	eq	-

References

lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html

www.openwall.com/lists/oss-security/2015/08/12/6

www.openwall.com/lists/oss-security/2015/08/27/6

www.securityfocus.com/bid/76858

lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html

security.gentoo.org/glsa/201510-05

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for CVE-2015-6737

prion1 nvd1 cvelist1 ubuntucve1 fedora3 freebsd1 nessus3 openvas1 gentoo1