Vulnerabilities > CVE-2004-2185 - Remote Input Validation vulnerability in Mediawiki 1.3.5

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
mediawiki
nessus
NVD
Published: 2004-12-31
Updated: 2008-09-05

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.

Vulnerable Configurations

Part Description Count
Application
Mediawiki
1

Nessus

NASL familyCGI abuses
NASL idMEDIAWIKI_MULTIPLE_FLAWS.NASL
descriptionThe remote host appears is running a version of MediaWiki prior to 1.3.11. It is, therefore, affected by various vulnerabilities, including some that allow an attacker to execute arbitrary PHP code on the remote host. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen2020-06-01
modified2020-06-02
plugin id18035
published2005-04-13
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18035
titleMediaWiki < 1.3.11 Multiple Remote Vulnerabilities

References