Vulnerability Details CVE-2007-0177
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 87.1%
CVSS Severity
CVSS v2 Score 5.1
References
- http://osvdb.org/31525
- http://secunia.com/advisories/23647
- http://secunia.com/advisories/24889
- http://sourceforge.net/forum/forum.php?forum_id=652721
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES
- http://www.novell.com/linux/security/advisories/2007_6_sr.html
- http://www.securityfocus.com/bid/21956
- http://www.vupen.com/english/advisories/2007/0096
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31359
- http://osvdb.org/31525
- http://secunia.com/advisories/23647
- http://secunia.com/advisories/24889
- http://sourceforge.net/forum/forum.php?forum_id=652721
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES
- http://www.novell.com/linux/security/advisories/2007_6_sr.html
- http://www.securityfocus.com/bid/21956
- http://www.vupen.com/english/advisories/2007/0096
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31359
Products affected by CVE-2007-0177
-
cpe:2.3:a:mediawiki:mediawiki:1.6.0
-
cpe:2.3:a:mediawiki:mediawiki:1.6.1
-
cpe:2.3:a:mediawiki:mediawiki:1.6.2
-
cpe:2.3:a:mediawiki:mediawiki:1.6.3
-
cpe:2.3:a:mediawiki:mediawiki:1.6.4
-
cpe:2.3:a:mediawiki:mediawiki:1.6.5
-
cpe:2.3:a:mediawiki:mediawiki:1.6.5_r14348
-
cpe:2.3:a:mediawiki:mediawiki:1.6.6
-
cpe:2.3:a:mediawiki:mediawiki:1.7.0
-
cpe:2.3:a:mediawiki:mediawiki:1.7.1
-
cpe:2.3:a:mediawiki:mediawiki:1.8.0
-
cpe:2.3:a:mediawiki:mediawiki:1.8.1
-
cpe:2.3:a:mediawiki:mediawiki:1.8.2
-
cpe:2.3:a:mediawiki:mediawiki:1.9.0