Vulnerabilities > CVE-2005-3165 - Unspecified vulnerability in Mediawiki

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

mediawiki

NVD

Published: 2005-10-06

Updated: 2008-09-05

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

Vulnerable Configurations

Part	Description	Count
Application	Mediawiki Mediawiki Mediawiki 1.4.1 Mediawiki Mediawiki 1.4.2 Mediawiki Mediawiki 1.4.3 Mediawiki Mediawiki 1.4.5 Mediawiki Mediawiki 1.4.6 Mediawiki Mediawiki 1.4.7 Mediawiki Mediawiki 1.4.8 Mediawiki Mediawiki 1.4_Beta1 Mediawiki Mediawiki 1.4_Beta2 Mediawiki Mediawiki 1.4_Beta3 Mediawiki Mediawiki 1.4_Beta4 Mediawiki Mediawiki 1.4_Beta5 Mediawiki Mediawiki 1.4_Beta6	13

Summary

Vulnerable Configurations

References