Lucene search
HistoryJan 16, 2015 - 4:59 p.m.
CVE-2014-9479
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
64.9%
Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.
Affected configurations
Node
mediawikimediawikiRange≤1.19.22
ORmediawikimediawikiMatch1.20
ORmediawikimediawikiMatch1.20.1
ORmediawikimediawikiMatch1.20.2
ORmediawikimediawikiMatch1.20.3
ORmediawikimediawikiMatch1.20.4
ORmediawikimediawikiMatch1.20.5
ORmediawikimediawikiMatch1.20.6
ORmediawikimediawikiMatch1.20.7
ORmediawikimediawikiMatch1.20.8
ORmediawikimediawikiMatch1.21
ORmediawikimediawikiMatch1.21.1
ORmediawikimediawikiMatch1.21.2
ORmediawikimediawikiMatch1.21.3
ORmediawikimediawikiMatch1.21.4
ORmediawikimediawikiMatch1.21.5
ORmediawikimediawikiMatch1.21.6
ORmediawikimediawikiMatch1.21.7
ORmediawikimediawikiMatch1.21.8
ORmediawikimediawikiMatch1.21.9
ORmediawikimediawikiMatch1.21.10
ORmediawikimediawikiMatch1.21.11
ORmediawikimediawikiMatch1.22.0
ORmediawikimediawikiMatch1.22.1
ORmediawikimediawikiMatch1.22.2
ORmediawikimediawikiMatch1.22.3
ORmediawikimediawikiMatch1.22.4
ORmediawikimediawikiMatch1.22.5
ORmediawikimediawikiMatch1.22.6
ORmediawikimediawikiMatch1.22.7
ORmediawikimediawikiMatch1.22.8
ORmediawikimediawikiMatch1.22.9
ORmediawikimediawikiMatch1.22.10
ORmediawikimediawikiMatch1.22.11
ORmediawikimediawikiMatch1.22.12
ORmediawikimediawikiMatch1.22.13
ORmediawikimediawikiMatch1.22.14
ORmediawikimediawikiMatch1.23.0
ORmediawikimediawikiMatch1.23.1
ORmediawikimediawikiMatch1.23.2
ORmediawikimediawikiMatch1.23.3
ORmediawikimediawikiMatch1.23.4
ORmediawikimediawikiMatch1.23.5
ORmediawikimediawikiMatch1.23.6
ORmediawikimediawikiMatch1.23.7
ORmediawikimediawikiMatch1.24.0
Related
cvelist
cvelist
CVE-2014-9479
2015-01-16 16:00:00
openvas
openvas
MediaWiki TemplateSandbox extension Cross-site scripting Vulnerability (Jan 2015)
2015-01-27 00:00:00
Gentoo Security Advisory GLSA 201502-04
2015-09-29 00:00:00
cve
cve
CVE-2014-9479
2015-01-16 16:59:14
prion
prion
Cross site scripting
2015-01-16 16:59:00
nessus
nessus
GLSA-201502-04 : MediaWiki: Multiple vulnerabilities
2015-02-09 00:00:00
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2015-02-07 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
64.9%
Related for NVD:CVE-2014-9479