// For flags

CVE-2017-0371

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.

MediaWiki versiones anteriores a 1.23.16, versiones 1.24.x hasta 1.27.x anteriores a 1.27.2 y versiones 1.28.x anteriores a 1.28.1, permite a atacantes remotos descubrir las direcciones IP de los visitantes del Wiki por medio de un ataque style="background-image: attr(title url);" dentro de un elemento DIV que presenta una URL controlada por el atacante en el atributo title

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-11-29 CVE Reserved
  • 2022-02-18 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-11-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://phabricator.wikimedia.org/T68404 2024-08-05
URL Date SRC
https://phabricator.wikimedia.org/T140591 2022-02-28
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mediawiki
Search vendor "Mediawiki"
 Mediawiki
Search vendor "Mediawiki" for product "Mediawiki"
 < 1.23.16
Search vendor "Mediawiki" for product "Mediawiki" and version " < 1.23.16"
-
Affected
Mediawiki
Search vendor "Mediawiki"
 Mediawiki
Search vendor "Mediawiki" for product "Mediawiki"
 >= 1.24.0 < 1.27.2
Search vendor "Mediawiki" for product "Mediawiki" and version " >= 1.24.0 < 1.27.2"
-
Affected
Mediawiki
Search vendor "Mediawiki"
 Mediawiki
Search vendor "Mediawiki" for product "Mediawiki"
 >= 1.28.0 < 1.28.1
Search vendor "Mediawiki" for product "Mediawiki" and version " >= 1.28.0 < 1.28.1"
-
Affected