CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4408
https://notcve.org/view.php?id=CVE-2008-4408
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MediaWiki vv1.13.1, 1.12.0, y posiblemente otras versiones anteriores a v1.13.2 permite a atacantes remotos inyectar web script o HTML de su elección a través del parámetro "useskin" en un componente no especificado. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html http://openwall.com/lists/oss-security/2008/10/02/3 http://secunia.com/advisories/32128 http://secunia.com/advisories/32131 http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES http://www.securityfocus.com/bid/31540 http://www.vupen.com/english/advisories/2008/2737 https://exchange.xforce.ibmclo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1318
https://notcve.org/view.php?id=CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results. Una vulnerabilidad no especificada en MediaWiki versiones 1.11 en versiones anteriores a la 1.11.2, permite a los atacantes remotos obtener información confidencial de "cross-site" por medio del parámetro callback en una llamada de la API para resultados formateados JavaScript Object Notation (JSON). • http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html http://secunia.com/advisories/29216 http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES http://www.securityfocus.com/bid/28070 http://www.securitytracker.com/id?1019535 http://www.vupen.com/english/advisories/2008/0732/references https://exchange.xforce.ibmcloud.com/vulnerabilities/40960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 25%CPEs: 21EXPL: 0CVE-2008-0460
https://notcve.org/view.php?id=CVE-2008-0460
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el fichero api.php de (1)MediaWiki 1.11 hasta 1.11.0rc1, 1.10 hasta 1.10.2, 1.9 hasta 1.9.4, y 1.8; y de (2) la extensión BotQuery para MediaWiki 1.7 y anteriores; cuando se está usando Internet Explorer, permite a atacantes remotos inyectar, a su elección, código web o HTML a través de vectores sin especificar. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-January/000068.html http://secunia.com/advisories/28629 http://secunia.com/advisories/29266 http://www.securityfocus.com/bid/28137 http://www.vupen.com/english/advisories/2008/0280 https://exchange.xforce.ibmcloud.com/vulnerabilities/39901 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00189.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-4883
https://notcve.org/view.php?id=CVE-2007-4883
Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión BotQuery de MediaWiki 1.7.x y versiones anteriores a SVN 20070910 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados, asunto similar a CVE-2007-4828. • http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html http://osvdb.org/37336 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2007-4828
https://notcve.org/view.php?id=CVE-2007-4828
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modo de presentación legible para humanos (pretty-printing) de la API de MediaWiki 1.8.0 hasta 1.8.4, 1.9.0 hasta 1.9.3, 1.10.0 hasta 1.10.1, y las versiones de desarrollo hasta la 1.11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://fedoranews.org/updates/FEDORA-2007-218.shtml http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html http://secunia.com/advisories/26772 http://secunia.com/advisories/26870 http://www.securityfocus.com/bid/25632 http://www.vupen.com/english/advisories/2007/3130 https://bugzilla.redhat.com/show_bug.cgi?id=287881 https://exchange.xforce.ibmcloud.com/vulnerabilities/36558 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •