CVE-2007-0177 - Cross-Site Scripting vulnerability in MediaWiki
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploit-Db
description | MediaWiki 1.x AJAX Index.PHP Cross-Site Scripting Vulnerability. CVE-2007-0177. Webapps exploit for php platform |
id | EDB-ID:29404 |
last seen | 2016-02-03 |
modified | 2007-01-09 |
published | 2007-01-09 |
reporter | Moshe Ben-Abu |
source | https://www.exploit-db.com/download/29404/ |
title | MediaWiki 1.x AJAX Index.PHP Cross-Site Scripting Vulnerability |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_MEDIAWIKI-3065.NASL |
description | This update fixes a cross site scripting (XSS) bug in the AJAX features (CVE-2007-0177). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27347 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27347 |
title | openSUSE 10 Security Update : mediawiki (mediawiki-3065) |
References
- http://osvdb.org/31525
- http://secunia.com/advisories/23647
- http://secunia.com/advisories/24889
- http://sourceforge.net/forum/forum.php?forum_id=652721
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES
- http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES
- http://www.novell.com/linux/security/advisories/2007_6_sr.html
- http://www.securityfocus.com/bid/21956
- http://www.vupen.com/english/advisories/2007/0096
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31359