Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310100732
HistoryAug 02, 2010 - 12:00 a.m.

MediaWiki < 1.15.5 'profileinfo.php' XSS Vulnerability

2010-08-0200:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
11

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

MediaWiki is prone to a cross-site scripting (XSS) vulnerability
because it fails to properly sanitize user-supplied input.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mediawiki:mediawiki";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100732");
  script_version("2024-07-16T05:05:43+0000");
  script_cve_id("CVE-2010-2788");
  script_tag(name:"last_modification", value:"2024-07-16 05:05:43 +0000 (Tue, 16 Jul 2024)");
  script_tag(name:"creation_date", value:"2010-08-02 14:28:14 +0200 (Mon, 02 Aug 2010)");
  script_tag(name:"cvss_base", value:"2.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:P/A:N");
  script_name("MediaWiki < 1.15.5 'profileinfo.php' XSS Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_dependencies("gb_mediawiki_http_detect.nasl");
  script_mandatory_keys("mediawiki/detected");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42024");
  script_xref(name:"URL", value:"http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html");

  script_tag(name:"summary", value:"MediaWiki is prone to a cross-site scripting (XSS) vulnerability
  because it fails to properly sanitize user-supplied input.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"impact", value:"An attacker may leverage this issue to execute arbitrary script
  code in the browser of an unsuspecting user in the context of the affected site. This may let the
  attacker steal cookie-based authentication credentials and launch other attacks.");

  script_tag(name:"affected", value:"MediaWiki versions prior to 1.15.5 and 1.16.0.");

  script_tag(name:"solution", value:"Update to version 1.15.5, 1.16.0 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_is_less( version:vers, test_version:"1.15.5" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"1.15.5 or 1.16.0" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

prion 1
debiancve 1
nessus 6
nvd 1
ubuntucve 1
openvas 7
cvelist 1
cve 1
fedora 4
gentoo 1
prion
prion
Cross site scripting
2011-04-27 00:55:00
debiancve
debiancve
CVE-2010-2788
2011-04-27 00:55:01
nessus
nessus
MediaWiki profileinfo.php 'filter' Parameter XSS
2010-07-29 00:00:00
Fedora 15 : mediawiki-1.16.4-58.fc15 (2011-5848)
2011-04-27 00:00:00
Fedora 15 : mediawiki-1.16.4-57.fc15 (2011-5495)
2011-04-22 00:00:00
nvd
nvd
CVE-2010-2788
2011-04-27 00:55:01
ubuntucve
ubuntucve
CVE-2010-2788
2011-04-27 00:00:00
openvas
openvas
MediaWiki < 1.15.5 'profileinfo.php' XSS Vulnerability - Active Check
2011-05-11 00:00:00
Fedora Update for mediawiki FEDORA-2011-5812
2011-05-05 00:00:00
Fedora Update for mediawiki FEDORA-2011-5812
2011-05-05 00:00:00
cvelist
cvelist
CVE-2010-2788
2011-04-27 00:00:00
cve
cve
CVE-2010-2788
2011-04-27 00:55:01
fedora
fedora
[SECURITY] Fedora 15 Update: mediawiki-1.16.4-58.fc15
2011-04-26 16:04:53
[SECURITY] Fedora 14 Update: mediawiki-1.16.4-58.fc14
2011-04-30 23:24:28
[SECURITY] Fedora 15 Update: mediawiki-1.16.4-57.fc15
2011-04-21 05:28:33
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2012-06-21 00:00:00

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON
Related for OPENVAS:1361412562310100732
prion1debiancve1nessus6nvd1ubuntucve1openvas7cvelist1cve1fedora4gentoo1