Vulnerabilities > CVE-2004-2152 - Cross-Site Scripting vulnerability in MediaWiki Raw Page

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

mediawiki

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

Vulnerable Configurations

Part	Description	Count
Application	Mediawiki Mediawiki Mediawiki 1.1.0 Mediawiki Mediawiki 1.2.0 Mediawiki Mediawiki 1.2.1 Mediawiki Mediawiki 1.2.2 Mediawiki Mediawiki 1.2.3 Mediawiki Mediawiki 1.2.4 Mediawiki Mediawiki 1.2.5 Mediawiki Mediawiki 1.2.6 Mediawiki Mediawiki 1.3.0 Mediawiki Mediawiki 1.3.1 Mediawiki Mediawiki 1.3.2 Mediawiki Mediawiki 1.3.3 Mediawiki Mediawiki 1.3.4	13

Nessus

NASL family	CGI abuses
NASL id	MEDIAWIKI_MULTIPLE_FLAWS.NASL
description	The remote host appears is running a version of MediaWiki prior to 1.3.11. It is, therefore, affected by various vulnerabilities, including some that allow an attacker to execute arbitrary PHP code on the remote host. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	18035
published	2005-04-13
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18035
title	MediaWiki < 1.3.11 Multiple Remote Vulnerabilities

Summary

Vulnerable Configurations

Nessus

References